What We Do
How We Do
Resources
Company
Partners
Get Started
Security advisories

Increase in Attacks on GPON Routers

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

eSentire Threat Intelligence has observed an increase in exploitation attempts targeting consumer-grade network devices manufactured by Dasan and D-Link.

Customers are advised to review the below details and apply mitigation actions if applicable. Successful exploitation of vulnerable devices can result in remote code execution and ongoing communication between the threat actor and infected devices.

What we’re doing about it

Observed infrastructure hosting exploit payloads have been added to the eSentire global blacklist.

What you should do about it

Additional information

The identified spike in attacks does not appear to be targeted against a specific client or industry. eSentire Threat Intelligence has identified roughly three thousand unique IP addresses being used to deliver the exploit attempts. The wide number of devices launching these attacks may indicate the use of a botnet.

It is not uncommon for botnet controllers to attempt to increase the number of devices in their botnet by using tactics similar to this. The infected devices can then be used to launch additional attacks such as distributing malicious content or launching DDoS attacks.


References:

[1] GPON Router Vulnerability Antidote
https://www.vpnmentor.com/tools/gpon-router-antidote-patch/

[2] D-Link DSL-2750B - OS Command Injection (Metasploit)
https://www.exploit-db.com/exploits/44760/

View Most Recent Advisories