← Advisories

V-SOL GPON/EPON OLT Platform v2.03 Reflected XSS Vulnerability

Medium

Advisory ID

ZSL-2019-5537

Release Date

26 September 2019

Vendor

Guangzhou V-SOLUTION Electronic Technology Co., Ltd. - https://www.vsolcn.com

Affected Version

V2.03.62R_IPv6, V2.03.54R, V2.03.52R, V2.03.49, V2.03.47, V2.03.40, V2.03.26, V2.03.24, V1.8.6, V1.4

CVE

CVE-2019-25284

Tested On

GoAhead-Webs

Summary

GPON is currently the leading FTTH standard in broadband access technology being widely deployed by service providers around the world. GPON/EPON OLT products are 1U height 19 inch rack mount products. The features of the OLT are small, convenient, flexible, easy to deploy, high performance. It is appropriate to be deployed in compact room environment. The OLTs can be used for 'Triple-Play', VPN, IP Camera, Enterprise LAN and ICT applications.

Description

The application is prone to multiple reflected cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various scripts. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept

gpon_olt_xss.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://packetstormsecurity.com/files/154631

[2]https://exchange.xforce.ibmcloud.com/vulnerabilities/167864

[3]https://cxsecurity.com/issue/WLB-2019090194

[4]https://www.cve.org/CVERecord?id=CVE-2019-25284

Changelog

26.09.2019Initial release

03.10.2019Added reference [1], [2] and [3]

24.03.2026Added reference [4]