EIP-2026-101660

PRE-CVE

Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101660. PoCs published by LiquidWorm.

AI-analyzed exploit summary: This exploit demonstrates an information disclosure vulnerability in Dasan Networks GPON ONT WiFi Router H64X Series, allowing unauthorized download of backup configuration files (running.CFG and wifi.CFG) containing sensitive credentials. The PoC includes steps for authentication bypass using a crafted cookie (Grant=1) to retrieve and extract these files.

Description

Dasan Networks GPON ONT WiFi Router H64X Series - Configuration Download

Exploits (1)

exploitdb · Working PoC
by LiquidWorm · text · webapps · hardware
https://www.exploit-db.com/exploits/42323

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Dasan Networks GPON ONT WiFi Router H64X Series (Firmware: 3.02p2-1141, 2.77p1-1125, 2.77-1115, 2.76-9999, 2.76-1101, 2.67-1070, 2.45-1045)
No auth needed
Prerequisites: Network access to the router's web interface · Backup files must exist or be generated via the described CGI scripts
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026