Description
V-SOL GPON/EPON OLT Platform v2.03 contains an open redirect vulnerability in the script that allows attackers to manipulate the 'parent' GET parameter. Attackers can craft malicious links that redirect logged-in users to arbitrary websites by exploiting improper input validation in the redirect mechanism.
Problem types
URL Redirection to Untrusted Site ('Open Redirect')
Product status
V2.03.54R
V2.03.52R
V2.03.49
V2.03.47
V2.03.40
V2.03.26
V2.03.24
V1.8.6
V1.4
Credits
LiquidWorm as Gjoko Krstic of Zero Science Lab
References
www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5535.php (Zero Science Lab Vulnerability Advisory)
packetstormsecurity.com/files/154628 (Packet Storm Security Exploit Entry)
exchange.xforce.ibmcloud.com/vulnerabilities/167772 (IBM X-Force Vulnerability Exchange)
cxsecurity.com/issue/WLB-2019090193 (CXSecurity Vulnerability Database Entry)
www.vsolcn.com/ (VSOL Vendor Homepage)