Security threats abound on the internet, which is why ethical hackers and security researchers spend much of their time in search of these issues. As part of the work that they do to keep the internet safe, researchers at vpnMentor announced that they have found an RCE vulnerability in the majority of gigabit-capable passive optical network (GPON) home routers.
With more than 1 million people using the GPON fiber-optics system, the network is pretty popular. Because so many routers today use GPON internet, the researchers conducted a comprehensive assessment on a number of the home routers and found a way to bypass all authentication on the devices, which is the first vulnerability (CVE-2018-10561).
“With this authentication bypass, we were also able to unveil another command injection vulnerability (CVE-2018-10562) and execute commands on the device,” vpnMentor said.
Through a comprehensive analysis of the GPON firmware, researchers learned that the combination of the two vulnerabilities granted full control of not only the devices but their networks as well.
“The first vulnerability exploits the authentication mechanism of the device that has a flaw. This flaw allows any attacker to bypass all authentication,” they wrote. This critical vulnerability could leave users’ gateways vulnerable to being used for botnets.
The authentication bypass bug could easily be exploited so that the gateways could be accessed remotely. “If verified, these home gateways join the escalating category of botnet-vulnerable IoT devices, and they underscore the growing risk of very large botnet-based DDoS attacks,” said Ashley Stephenson, CEO, Corero Network Security.
Because this class of routers is most often directly connected to high-speed broadband internet connections, compromised devices could be covertly herded by a bot master to form a botnet large enough to generate high-impact distributed denial-of-service (DDoS) attacks against victims around the world, said Stephenson.