JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities

Title: JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities
Advisory ID: ZSL-2022-5708
Type: Local/Remote
Impact: Cross-Site Scripting, Spoofing, System Access
Risk: (4/5)
Release Date: 14.06.2022

Summary

This ONU is the perfect GEPON home and business gateway. It is an all-rounder in perfection. It can BRIDGE/NAT/RIP ROUTEND and COMBINED.

Description

The device suffers from multiple vulnerabilities including: Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect.

Vendor

JM-DATA GmbH - https://www.jm-data.at

Affected Version

1.0.67
1.0.62
1.0.55

Tested On

Boa/0.93.15

Vendor Status

N/A

PoC

jm_data-JF511-TV_info.txt

Credits

Vulnerability discovered by Neurogenesia - <[email protected]>

References

N/A

Changelog

[14.06.2022] - Initial release

Contact

Zero Science Lab

Web: https://www.zeroscience.mk
e-mail: [email protected]