CVE-2015-2055

Zhone GPON 2520 R4.0.2.566b - Denial of Service via Old Password Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-2055. PoCs published by Kaczinski Ramirez.

AI-analyzed exploit summary This exploit targets a Denial of Service (DoS) vulnerability in GPON Zhone R4.0.2.566b by sending increasingly large buffers to the login form, causing the device to crash. The script uses HTTP POST requests to flood the target with data until it becomes unresponsive.

Description

Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter.

Exploits (1)

exploitdb WORKING POC

by Kaczinski Ramirez · pythondoshardware

https://www.exploit-db.com/exploits/35859

View Code ZIP pw:eip

This exploit targets a Denial of Service (DoS) vulnerability in GPON Zhone R4.0.2.566b by sending increasingly large buffers to the login form, causing the device to crash. The script uses HTTP POST requests to flood the target with data until it becomes unresponsive.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: GPON Zhone R4.0.2.566b

No auth needed

Prerequisites: Network access to the target device · Python environment with httplib2 library

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35859

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74876

Scores

EPSS 0.0303

EPSS Percentile 85.8%

Details

CWE

CWE-20

Status published

Products (1)

zhone_technologies/gpon_2520_firmware r4.0.2.566b

Published Feb 23, 2015

Tracked Since Feb 18, 2026