"... A few days ago, we released details of two unpatched critical authentication bypass and root-RCE vulnerabilities we found on very widespread GPON Routers. The vulnerabilities, as we outlined, affects over a million users
and is easily accessible through sites like Shodan and ZoomEye.
Shortly after our initial discovery, we contacted the responsible parties. Unfortunately, a patch was not available, and it didn’t seem to be in development either
. So, we released the details to inform the affected users of the risks involved in using these modems.
However, we noticed (thanks to 360 Netlab) that attackers began exploiting both these vulnerabilities (CVE-2018-10561 & CVE-2018-10562) to add the affected devices and their networks into their botnets. To prevent more attacks, we took matters into our hands. We are releasing a user-friendly patch below