Why ransomware gangs want you to keep using that GPON router - ThreatDown by Malwarebytes
Pieter Arntz · 2024-10-23 · via Vulnerabilities – ThreatDown by Malwarebytes

A vulnerability found in 2018 is ranked #6 on the list of most attacked vulnerabilities.

For all the talk of artificial intelligence and zero-days, a lot of security is about doing the basics right, and the most basic of the basics is patching. It isn’t always easy (in fact, it’s often very complicated in business environments), but it’s still basic. There is no point worrying about much else if you aren’t running endpoint security and a firewall, and you don’t have a plan for staying on top of your patching.

But what if there is no patch?

It seems that is enough to keep an ancient flaw, one that's been used to spread ransomware, in the top ten most exploited vulnerabilities six years after it was first identified.

Over the last three months, a vulnerability first discovered in 2018 has held a steady sixth position in the top ten. The vulnerability, CVE-2018-10562, affects Gigabit Passive Optical Network (GPON) based routers and was found long ago by researchers, but some vendors have never released an official patch for it. The researchers that discovered the vulnerability issued an unofficial patch that disabled the router’s web server, but the patch has since been taken offline.

GPON is a leading standard of Passive Optical Networks (PONs)—a type of point-to-multipoint network technology that delivers broadband access to the end user via fiber optic cable.

The vulnerable routers were distributed by Internet Service Providers (ISPs) to households and small businesses.

Unfortunately, there are a ton of exploits for CVE-2018-10562 available in the wild, and vulnerable systems are at the mercy of voracious Mirai botnets and the Muhstik Botnet, which will use the devices for DDoS attacks and cryptomining.

But unprotected devices can also be attractive to ransomware gangs looking for a way to access small business networks, and the vulnerability is known to have been leveraged as part of a ransomware campaign.

So, without a patch ever likely to appear, what should small businesses do?

The best solution would be to replace the vulnerable router with a newer, more secure model. The Cybersecurity and Infrastructure Security Agency (CISA) recommends disconnecting Dasan GPON routers if they are still in use.

In the meantime, you should implement strict firewall rules and monitor for any suspicious activity on your network.
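One way to act on the monitoring advice, as an added example that is not part of the original article: a small log review that treats the ISP-supplied router as untrusted. It assumes you run your own firewall between the router and the office LAN; the addresses, the management ports and the key=value log format are all hypothetical and the log lines are constructed.

```python
import ipaddress
import re

# Assumptions (hypothetical values, adjust to your own network):
ROUTER_IP = ipaddress.ip_address("192.168.1.1")        # ISP-supplied GPON router
LAN = ipaddress.ip_network("192.168.10.0/24")          # office LAN behind your own firewall
ADMIN_HOSTS = {ipaddress.ip_address("192.168.10.5")}   # only host allowed to open the router UI
MGMT_PORTS = {80, 443, 8080}                           # assumed router web-management ports

# Assumed firewall log format: "<timestamp> src=<ip> dst=<ip> dport=<n> action=<allow|deny>"
LINE = re.compile(
    r"(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) action=(?P<action>\w+)"
)

def review(lines):
    """Return (timestamp, reason) findings for log lines that break the policy."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not in the assumed format
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field
        dport, action = int(m["dport"]), m["action"]
        if src == ROUTER_IP and dst in LAN:
            # A router has no reason to open connections into the LAN.
            verdict = "ALLOWED, tighten the rule" if action == "allow" else "blocked"
            findings.append((m["ts"], f"router opened a connection to {dst}:{dport} ({verdict})"))
        elif dst == ROUTER_IP and dport in MGMT_PORTS and src not in ADMIN_HOSTS:
            # Only the admin workstation should ever touch the management UI.
            findings.append((m["ts"], f"{src} tried the router admin UI on port {dport} ({action})"))
    return findings

# Constructed sample log, not real traffic.
SAMPLE_LOG = """\
2024-10-23T09:00:01Z src=192.168.10.5 dst=192.168.1.1 dport=443 action=allow
2024-10-23T09:02:10Z src=192.168.10.23 dst=192.168.1.1 dport=80 action=deny
2024-10-23T09:05:44Z src=192.168.1.1 dst=192.168.10.23 dport=445 action=deny
2024-10-23T09:05:45Z src=192.168.1.1 dst=192.168.10.40 dport=3389 action=allow
2024-10-23T09:06:00Z src=192.168.10.23 dst=203.0.113.10 dport=443 action=allow
this line is not in the expected format
"""

if __name__ == "__main__":
    for ts, reason in review(SAMPLE_LOG.splitlines()):
        print(ts, reason)
```

Any finding marked ALLOWED means the firewall policy itself lets the router reach internal hosts and should be tightened before relying on alerts.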

If you want to check whether your router is a GPON-based router, you can look for the following characteristics:

  • GPON routers typically have a fiber optic input port, often labeled as “Fiber” or “PON”.
  • The device may be labeled as an Optical Network Terminal (ONT) or Optical Network Unit (ONU).
  • Look for brands known to produce GPON equipment, such as Huawei, ZTE, Nokia, Calix, or Dasan.

If you’re unsure, you can contact your ISP for confirmation, as they would know the exact type of equipment they’ve provided or that is compatible with their network.

We don’t just report on vulnerabilities—we identify them, and prioritize action.

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in check by using ThreatDown’s Vulnerability Assessment and Patch Management solutions.