CVE-2019-25282

Summary

V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism.

Affected Software

VendorProductVersion RangeStatus
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.62R_IPv6affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.54Raffected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.52Raffected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.49affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.47affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.40affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.26affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV2.03.24affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV1.8.6affected
Guangzhou VV-SOL GPON/EPON OLT PlatformV1.4affected

Weaknesses

  • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References