It’s been almost a year since vpnMentor published its blog in May 2018 that identified two interesting issues (CVE-2018–10561, CVE-2018–10562), which can be combined to completely compromise GPON home routers. The vulnerabilities have gotten a lot of attention, and were weaponized by a bunch of botnets like Mettle, Muhstick, Mirai, Hajime, Satori etc. That blog felt like an unfinished story, so I’ve decided to poke GPON Home Gateway a little more.

As usual, my curiosity took me the long way to discoveries. In general, GPON Optical Network Terminal (ONT) devices are distributed to end users by their Internet Services Providers…

Artem Metla

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store