Gpon Firmware
CVE-2019-15064
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
AnalysisAI
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication. Affected products include: Hinet Gpon Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
More in Gpon Firmware
View allAn “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. Rated critical severity (CVSS
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. Rated critical severity (CVSS
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific c
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific c
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today