EIP-2026-101661

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101661. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Dasan Networks GPON ONT WiFi Router H64X Series. It allows an attacker to enable telnet access, disable web blocking, and increase session timeout by tricking an authenticated user into submitting malicious HTTP requests.

Description

Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/42321

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Dasan Networks GPON ONT WiFi Router H64X Series. It allows an attacker to enable telnet access, disable web blocking, and increase session timeout by tricking an authenticated user into submitting malicious HTTP requests.

Classification

Working Poc 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Dasan Networks GPON ONT WiFi Router H64X Series (Firmware versions: 3.03p1-1145, 3.03-1144-01, 3.02p2-1141, 2.77p1-1125, 2.77-1115, 2.76-9999, 2.76-1101, 2.67-1070, 2.45-1045)

Auth required

Prerequisites: Authenticated user session on the target router · Victim must visit a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Dasan Networks GPON ONT WiFi Router H64X Series - Cross-Site Request Forgery

Exploitation Summary

Description

Exploits (1)

Details