GCOM EPON 1GE Privilege Escalation Vulnerability Allowing Unauthorized Access to Administrator Settings and Credentials

Vulnerability

A privilege escalation vulnerability has been identified in GCOM EPON 1GE, version C00R371V00B01. This issue arises from improper access control, which enables remote authenticated users to alter settings reserved for administrators through the web interface and API. Furthermore, the device's backup feature inadvertently reveals an unencrypted configuration file containing sensitive information, including administrator passwords. By exploiting these weaknesses, a low-privileged user can gain full administrative rights on the device.

Impact

Exploitation of this vulnerability allows low-privileged users to gain unauthorized administrative access by modifying restricted settings and extracting sensitive credentials from an unencrypted backup file.

Added: Feb 24, 2026, 4:42 PM
Updated: Feb 24, 2026, 10:20 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.