Dasan CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

Known exploited Dasan CVE published 2022-03-31

CVE-2018-10562

CVE-2018-10562 is a command injection vulnerability affecting Dasan Gigabit Passive Optical Network (GPON) routers. CISA added it to the Known Exploited Vulnerabilities catalog on 2022-03-31 and marked it as associated with known ransomware campaign use. CISA’s guidance for impacted devices is clear: the product is end-of-life and should be disconnected if still in use.

Known exploited Dasan CVE published 2022-03-31

CVE-2018-10561

CVE-2018-10561 is a Dasan Gigabit Passive Optical Network (GPON) router authentication bypass vulnerability. It was published and added to CISA’s Known Exploited Vulnerabilities catalog on 2022-03-31, which indicates it is a vulnerability CISA has identified as actively exploited. CISA notes the impacted product is end-of-life and should be disconnected if still in use.