PatchSiren

CVE-2018-10562 Dasan CVE debrief

CVE-2018-10562 is a command injection vulnerability affecting Dasan Gigabit Passive Optical Network (GPON) routers. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-31 and marked it as associated with known ransomware campaign use. CISA’s guidance for impacted devices is clear: the product is end-of-life and should be disconnected if still in use.

Vendor: Dasan
Product: Gigabit Passive Optical Network (GPON) Routers
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2022-03-31
Original CVE updated: 2022-03-31
Advisory published: 2022-03-31
Advisory updated: 2022-03-31

Who should care

Organizations or operators that still have Dasan GPON routers deployed, especially anyone responsible for network edge or access infrastructure.

Technical summary

The vulnerability is identified as a command injection issue in Dasan GPON routers. The supplied official sources do not provide additional technical detail here, but the CISA KEV record confirms known exploitation and notes that the impacted product is end-of-life.

Defensive priority

Urgent. Treat as high priority because it is KEV-listed, has known ransomware campaign use, and CISA advises disconnecting the end-of-life product if it remains deployed.

Recommended defensive actions

  • Inventory any Dasan GPON routers in your environment.
  • If the product is still in use, follow CISA’s guidance and disconnect it because it is end-of-life.
  • Replace affected devices with supported equipment.
  • Prioritize immediate remediation for any exposed or internet-reachable instances.
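
One way to run the inventory and prioritization steps above against the KEV record, as an added example that is not part of the original debrief. The KEV record is constructed from the values this page reports (field names follow CISA's KEV JSON feed); the inventory rows, hostnames, addresses and the P1/P2 labels are assumptions made for illustration.

```python
from datetime import date

# KEV record constructed from the values reported on this page.
KEV_ENTRY = {
    "cveID": "CVE-2018-10562",
    "vendorProject": "Dasan",
    "product": "Gigabit Passive Optical Network (GPON) Routers",
    "dateAdded": "2022-03-31",
    "dueDate": "2022-04-21",
    "knownRansomwareCampaignUse": "Known",
}

# Constructed asset inventory; hosts and addresses are illustrative only.
INVENTORY = [
    {"host": "olt-edge-01", "vendor": "DASAN", "model": "GPON router",
     "ip": "203.0.113.10", "internet_facing": True},
    {"host": "lab-ont-07", "vendor": "Dasan Networks", "model": "GPON ONT",
     "ip": "10.20.0.7", "internet_facing": False},
    {"host": "core-sw-02", "vendor": "ExampleCorp", "model": "L3 switch",
     "ip": "10.0.0.2", "internet_facing": False},
]

def matches(asset, entry):
    """Loose match: vendor name prefix plus the GPON product family."""
    vendor_ok = asset["vendor"].lower().startswith(entry["vendorProject"].lower())
    return vendor_ok and "gpon" in asset["model"].lower()

def triage(inventory, entry, today):
    """Return affected assets, internet-facing first, with days past the KEV due date."""
    overdue = (today - date.fromisoformat(entry["dueDate"])).days
    ransomware = entry["knownRansomwareCampaignUse"] == "Known"
    findings = []
    for asset in inventory:
        if not matches(asset, entry):
            continue
        findings.append({
            "host": asset["host"],
            "ip": asset["ip"],
            "cve": entry["cveID"],
            # P1/P2 are hypothetical labels: exposed devices are handled first.
            "priority": "P1" if asset["internet_facing"] else "P2",
            "ransomware_use": ransomware,
            "days_overdue": max(overdue, 0),
            "action": "disconnect and replace (end-of-life)",
        })
    return sorted(findings, key=lambda f: f["priority"])

if __name__ == "__main__":
    for finding in triage(INVENTORY, KEV_ENTRY, date.today()):
        print(finding)
```

The vendor match is deliberately loose so that naming variants in an asset database are not missed; review the resulting list by hand before disconnecting anything.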

Evidence notes

Source corpus includes the official CVE record, NVD detail page, and CISA KEV entry. The CISA KEV source item states the vulnerability name, dateAdded 2022-03-31, dueDate 2022-04-21, knownRansomwareCampaignUse as Known, and the required action that the impacted product is end-of-life and should be disconnected if still in use. Published and modified dates supplied for the CVE and source item are both 2022-03-31.

Official resources

CVE published 2022-03-31. CISA added the issue to KEV on 2022-03-31 with a remediation due date of 2022-04-21.