<HTML><HEAD></HEAD>
<BODY dir=ltr>
<DIV dir=ltr>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">
<DIV> </DIV>
<DIV>Unfortunately they are vulnerable.... the Zhone ones may be too (I have
already opened a case).</DIV>
<DIV> </DIV>
<DIV>Luckily we have a bridge isolated from data on another VLAN, and the
administration of the ONUs is moved to that port, so administration is not
on the data channel. However, if you bring up a CPE
Manager to any ONU and go in via the forwarder of the corresponding port on
the OLT, you can access /images without validation.... <IMG
class="wlEmoticon wlEmoticon-sadsmile"
style="BORDER-TOP-STYLE: none; BORDER-BOTTOM-STYLE: none; BORDER-RIGHT-STYLE: none; BORDER-LEFT-STYLE: none"
alt=Sad src="cid:33042C0C091F4611BBB83F0C9FE09BE7@josePC"> (obviously
it does not find the file because it is not pointed to)</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><IMG title="Zhone Vulnerable"
style="BORDER-TOP: 0px; BORDER-RIGHT: 0px; BACKGROUND-IMAGE: none; BORDER-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; BORDER-LEFT: 0px; DISPLAY: inline; PADDING-RIGHT: 0px"
border=0 alt="Zhone Vulnerable"
src="cid:E3E1430EABB4407E81F4C4863718AA62@josePC" width=339 height=248></DIV>
<DIV> </DIV>
<DIV>Regards</DIV>
<DIV> </DIV>
<DIV style="FONT-SIZE: 12pt; FONT-FAMILY: 'Calibri'; COLOR: #000000">Ing. Jose
Luis Gaspoz<BR>Internet Services S.A.<BR>Tel: 0342-4565118<BR>Cel:
342-5008523</DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV style="FONT: 10pt tahoma">
<DIV> </DIV>
<DIV style="BACKGROUND: #f5f5f5">
<DIV style="font-color: black"><B>From:</B> <A title=andy.bayres@gmail.com
href="mailto:andy.bayres@gmail.com">Andres P</A> </DIV>
<DIV><B>Sent:</B> Friday, May 04, 2018 2:26 PM</DIV>
<DIV><B>To:</B> <A title=lista@arnog.com.ar
href="mailto:lista@arnog.com.ar">lista@arnog.com.ar</A> </DIV>
<DIV><B>Subject:</B> [Lista ArNOG] Over a Million Dasan Routers Vulnerable to
Remote Hacking</DIV></DIV></DIV>
<DIV> </DIV></DIV>
<DIV
style='FONT-SIZE: small; TEXT-DECORATION: none; FONT-FAMILY: "Calibri"; FONT-WEIGHT: normal; COLOR: #000000; FONT-STYLE: normal; DISPLAY: inline'>
<DIV>
<DIV>For your information, in case anyone on the list buys these Chinese
ONUs. </DIV>
<DIV> </DIV>
<DIV>Regards, Andres Pugawko <BR><BR>
<DIV class=gmail_quote>
<DIV dir=ltr>---------- Forwarded message ---------<BR>From: Lucimara Desiderá
&lt;<A href="mailto:lucimara@cert.br">lucimara@cert.br</A>&gt;<BR>Date: Fri, May 4,
2018 1:56 p.m.<BR>Subject: [lacnog] Over a Million Dasan Routers
Vulnerable to Remote Hacking<BR>To: &lt;<A
href="mailto:seguridad@lacnic.net">seguridad@lacnic.net</A>&gt;, Latin America
and Caribbean Region Network Operators Group &lt;<A
href="mailto:lacnog@lacnic.net">lacnog@lacnic.net</A>&gt;<BR></DIV><BR><BR><A
href="https://www.securityweek.com/over-million-dasan-routers-vulnerable-remote-hacking"
rel="noreferrer noreferrer"
target=_blank>https://www.securityweek.com/over-million-dasan-routers-vulnerable-remote-hacking</A><BR><BR>Over
a Million Dasan Routers Vulnerable to Remote Hacking<BR>By Eduard Kovacs on May
02, 2018<BR><BR><BR>Researchers have disclosed the details of two unpatched
vulnerabilities<BR>that expose more than one million home routers made by South
Korea-based<BR>Dasan Networks to remote hacker attacks.<BR><BR>In a blog post
published on Monday, vpnMentor revealed that many<BR>Gigabit-capable Passive
Optical Network (GPON) routers, which are used<BR>to provide fiber-optic
Internet, are affected by critical<BR>vulnerabilities. The company told
SecurityWeek that the impacted devices<BR>are made by Dasan Networks.<BR><BR>One
of the flaws, tracked as CVE-2018-10561, allows a remote attacker to<BR>bypass a
router’s authentication mechanism simply by appending the<BR>string “?images/”
to a URL in the device’s web interface.<BR><BR>The second vulnerability,
identified as CVE-2018-10562, allows an<BR>authenticated attacker to inject
arbitrary commands.<BR><BR>By combining the two security holes, a remote and
unauthenticated<BR>attacker can take complete control of a vulnerable device and
possibly<BR>the entire network, vpnMentor said. The company has published a
video<BR>showing how the attack works:<BR><BR>A Shodan search shows that there
are more than one million GPON home<BR>routers exposed to the Internet, a
majority located in Mexico (480,000),<BR>Kazakhstan (390,000), and Vietnam
(145,000).<BR><BR>“Depending on what the attacker wants to achieve, he can be
spying on<BR>the user and any connected device (TV, phones, PC and even speakers
like<BR>Amazon Echo). Also he can inject malware into the browser which
means<BR>even when you leave your home network your device would be hacked
now,”<BR>Ariel Hochstadt, co-founder of vpnMentor, told SecurityWeek. “If
the<BR>hacker is resourceful (government etc) he can enable advanced
spear<BR>phishing attacks, and even route criminal activities through
exploited<BR>routers (Imagine the FBI knocks on your door telling you they
saw<BR>someone in your house using your IP address and selling stolen
credit<BR>card numbers on the dark web).”<BR><BR>vpnMentor said it did try to
report its findings to Dasan before making<BR>any information public, but it did
not receive a response. Dasan<BR>representatives, specifically a PR agency,
reached out to vpnMentor on<BR>LinkedIn after its blog post was
published.<BR><BR>While in some cases Dasan has shown interest in working with
researchers<BR>who discovered vulnerabilities in its products, there are
some<BR>advisories online describing potentially critical issues that the
vendor<BR>has apparently ignored.<BR><BR>Malicious actors have been known to
target Dasan devices. Researchers<BR>reported recently that the Satori botnet
had ensnared thousands of Dasan<BR>routers by exploiting a remote code execution
vulnerability. The flaw in<BR>question was disclosed in December 2017 by Beyond
Security, which<BR>claimed the vendor had ignored repeated attempts to report
the issue.<BR><BR>This is not the first time vpnMentor reports finding
vulnerabilities in<BR>network devices. Last month, the company disclosed the
details of an<BR>unpatched command injection vulnerability that can be exploited
to take<BR>control of network-attached storage (NAS) devices from
LG.<BR></DIV></DIV></DIV>
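<DIV>Added example (not part of the messages above or of the SecurityWeek article): one way to check whether requests carrying the "?images/" string described for CVE-2018-10561 have reached an ONU web interface is to scan HTTP access logs for a query string that starts with "images/". It assumes logs in common log format from a proxy or collector in front of the management interface; the log lines, addresses and page names are constructed.</DIV>

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Constructed sample in common log format; addresses and page names are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [04/May/2018:13:56:01 -0300] "GET /page-a.html?images/ HTTP/1.1" 200 5120
198.51.100.7 - - [04/May/2018:13:56:03 -0300] "POST /page-b.html?images%2F HTTP/1.1" 200 310
192.0.2.10 - - [04/May/2018:13:57:10 -0300] "GET /images/logo.png HTTP/1.1" 200 2048
192.0.2.10 - - [04/May/2018:13:57:12 -0300] "GET /page-a.html HTTP/1.1" 401 0
203.0.113.5 - - [04/May/2018:14:02:44 -0300] "GET /page-c.html?IMAGES/x HTTP/1.1" 401 0
"""

# Captures: source address, method, request target, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')


def has_images_suffix(target: str) -> bool:
    """True when the percent-decoded query string starts with 'images/'."""
    query = urlsplit(target).query
    # Case is folded as an assumption, so that odd spellings are still reported.
    return unquote(query).lower().startswith("images/")


def scan(log_text: str) -> dict:
    """Return {source: [(method, target, status), ...]} for flagged requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and has_images_suffix(m.group(3)):
            hits[m.group(1)].append((m.group(2), m.group(3), int(m.group(4))))
    return dict(hits)


def served(hits: dict) -> list:
    """Sources that received a 2xx reply to a flagged request (triage these first)."""
    return sorted(src for src, reqs in hits.items()
                  if any(status // 100 == 2 for _, _, status in reqs))


if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for src, reqs in found.items():
        print(src, reqs)
    print("answered with 2xx:", served(found))
```

<DIV>A legitimate request for a file under /images/ is not flagged, because the match is on the query string and not on the path.</DIV>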
</DIV></DIV></DIV></BODY></HTML>