Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for GPON/EPON OLT Platform by Guangzhou V-SOLUTION Electronic Technology

    CVE-2019-25239 (GCVE-0-2019-25239)

    Vulnerability from nvd – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:23
    VLAI
    Title
    V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
    Summary
    V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    Guangzhou V-SOLUTION Electronic Technology GPON/EPON OLT Platform Affected: V2.03.62R_IPv6
    Affected: V2.03.54R
    Affected: V2.03.52R
    Affected: V2.03.49
    Affected: V2.03.47
    Affected: V2.03.40
    Affected: V2.03.26
    Affected: V2.03.24
    Affected: V1.8.6
    Affected: V1.4
    Create a notification for this product.
    Date Public
    2019-09-27 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25239",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-24T20:04:48.457067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-24T20:23:32.107Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/47433"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GPON/EPON OLT Platform",
              "vendor": "Guangzhou V-SOLUTION Electronic Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.03.62R_IPv6"
                },
                {
                  "status": "affected",
                  "version": "V2.03.54R"
                },
                {
                  "status": "affected",
                  "version": "V2.03.52R"
                },
                {
                  "status": "affected",
                  "version": "V2.03.49"
                },
                {
                  "status": "affected",
                  "version": "V2.03.47"
                },
                {
                  "status": "affected",
                  "version": "V2.03.40"
                },
                {
                  "status": "affected",
                  "version": "V2.03.26"
                },
                {
                  "status": "affected",
                  "version": "V2.03.24"
                },
                {
                  "status": "affected",
                  "version": "V1.8.6"
                },
                {
                  "status": "affected",
                  "version": "V1.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2019-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-24T19:27:57.201Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47433",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47433"
            },
            {
              "name": "V-SOL Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.vsolcn.com"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2019-5534)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
            }
          ],
          "title": "V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25239",
        "datePublished": "2025-12-24T19:27:57.201Z",
        "dateReserved": "2025-12-24T14:27:12.476Z",
        "dateUpdated": "2025-12-24T20:23:32.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2019-25239 (GCVE-0-2019-25239)

    Vulnerability from cvelistv5 – Published: 2025-12-24 19:27 – Updated: 2025-12-24 20:23
    VLAI
    Title
    V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
    Summary
    V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    Guangzhou V-SOLUTION Electronic Technology GPON/EPON OLT Platform Affected: V2.03.62R_IPv6
    Affected: V2.03.54R
    Affected: V2.03.52R
    Affected: V2.03.49
    Affected: V2.03.47
    Affected: V2.03.40
    Affected: V2.03.26
    Affected: V2.03.24
    Affected: V1.8.6
    Affected: V1.4
    Create a notification for this product.
    Date Public
    2019-09-27 00:00
    Credits
    LiquidWorm as Gjoko Krstic of Zero Science Lab
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25239",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-24T20:04:48.457067Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-24T20:23:32.107Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
              },
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://www.exploit-db.com/exploits/47433"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "GPON/EPON OLT Platform",
              "vendor": "Guangzhou V-SOLUTION Electronic Technology",
              "versions": [
                {
                  "status": "affected",
                  "version": "V2.03.62R_IPv6"
                },
                {
                  "status": "affected",
                  "version": "V2.03.54R"
                },
                {
                  "status": "affected",
                  "version": "V2.03.52R"
                },
                {
                  "status": "affected",
                  "version": "V2.03.49"
                },
                {
                  "status": "affected",
                  "version": "V2.03.47"
                },
                {
                  "status": "affected",
                  "version": "V2.03.40"
                },
                {
                  "status": "affected",
                  "version": "V2.03.26"
                },
                {
                  "status": "affected",
                  "version": "V2.03.24"
                },
                {
                  "status": "affected",
                  "version": "V1.8.6"
                },
                {
                  "status": "affected",
                  "version": "V1.4"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "LiquidWorm as Gjoko Krstic of Zero Science Lab"
            }
          ],
          "datePublic": "2019-09-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-24T19:27:57.201Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47433",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47433"
            },
            {
              "name": "V-SOL Official Product Homepage",
              "tags": [
                "product"
              ],
              "url": "https://www.vsolcn.com"
            },
            {
              "name": "Zero Science Lab Disclosure (ZSL-2019-5534)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5534.php"
            }
          ],
          "title": "V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25239",
        "datePublished": "2025-12-24T19:27:57.201Z",
        "dateReserved": "2025-12-24T14:27:12.476Z",
        "dateUpdated": "2025-12-24T20:23:32.107Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }