V-SOL GPON/EPON OLT Platform Cross-Site Request Forgery Vulnerability
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in V-SOL GPON/EPON OLT Platform version 2.03. This vulnerability allows attackers to perform administrative actions without the user's consent. By tricking authenticated administrators into visiting a malicious webpage, attackers can create admin users, enable SSH, or alter system settings.
Impact
Exploitation of this vulnerability could lead to unauthorized administrative actions being performed on the affected OLT platform.
Reproduction
To exploit this vulnerability, an attacker must craft a malicious webpage that, when visited by an authenticated administrator, sends a POST request to the OLT's user management or SSH configuration endpoint. The request must include the necessary parameters to add a new admin user or enable SSH. Because the browser sends it within the administrator's already authenticated session, the OLT processes it as a legitimate administrative action.
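A same-origin check for state-changing requests, as it could be enforced on a reverse proxy placed in front of the OLT management interface, is shown below as an added example; it is not code from the advisory or from the vendor. The trusted origin `https://olt.example.net` and the sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}
TRUSTED_ORIGIN = "https://olt.example.net"  # assumption: management UI origin

def origin_of(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    default = 443 if parts.scheme == "https" else 80
    return (parts.scheme, parts.hostname.lower(), port or default)

def is_cross_site_write(method, headers, trusted=TRUSTED_ORIGIN):
    """True when a state-changing request cannot be shown to come from the UI itself."""
    if method.upper() not in STATE_CHANGING:
        return False
    h = {k.lower(): v for k, v in headers.items()}
    # Browsers that send Fetch Metadata label cross-site requests explicitly.
    fetch_site = h.get("sec-fetch-site")
    if fetch_site is not None and fetch_site != "same-origin":
        return True
    source = h.get("origin") or h.get("referer")
    if not source:
        return True  # fail closed: no provenance on an administrative write
    # "null" and malformed values parse to None and never match the trusted origin.
    return origin_of(source) != origin_of(trusted)

# Constructed sample requests: (label, method, headers)
SAMPLES = [
    ("ui-form", "POST", {"Origin": "https://olt.example.net"}),
    ("ui-referer", "POST", {"Referer": "https://olt.example.net:443/page"}),
    ("foreign-page", "POST", {"Origin": "https://other.example"}),
    ("sandboxed", "POST", {"Origin": "null"}),
    ("no-headers", "POST", {}),
    ("read-only", "GET", {"Origin": "https://other.example"}),
]

def rejected(samples=SAMPLES):
    """Labels of the sample requests the proxy would refuse."""
    return [label for label, m, hdrs in samples if is_cross_site_write(m, hdrs)]

if __name__ == "__main__":
    print(rejected())
```

The check fails closed when both `Origin` and `Referer` are absent, so non-browser clients that manage the device need an explicit allowance.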
