This exploit demonstrates an information disclosure vulnerability in Dasan Networks GPON ONT WiFi Router H64X Series, allowing unauthorized download of backup configuration files (running.CFG and wifi.CFG) containing sensitive credentials. The PoC includes steps for authentication bypass using a crafted cookie (Grant=1) to retrieve and extract these files.
Classification
Working Poc 100%
Target:
Dasan Networks GPON ONT WiFi Router H64X Series (Firmware: 3.02p2-1141, 2.77p1-1125, 2.77-1115, 2.76-9999, 2.76-1101, 2.67-1070, 2.45-1045)
No auth needed
Prerequisites:
Network access to the router's web interface · Backup files must exist or be generated via the described CGI scripts