GCOM EPON 1GE ONU Session Hijacking Vulnerability

Vulnerability

A session hijacking vulnerability has been identified in the GCOM EPON 1GE ONU, specifically in firmware version C00R371V00B01. The issue arises from improper session management in the web management interface: the application relies solely on the client's IP address to identify a session. Because no secure session cookie or token is used, an attacker on the local network can spoof the IP address of an authenticated user, gain unauthorized access to the administrative interface and perform arbitrary actions without valid credentials.
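The weakness described above next to the session design that closes it, as an added example (not GCOM firmware code and not part of the original advisory). All class and function names, the timeout and the 192.0.2.10 address are constructed for illustration.

```python
import secrets
import time

SESSION_TTL = 600  # assumed idle timeout in seconds

class IpKeyedSessions:
    """The pattern the advisory describes: the source IP is the session."""
    def __init__(self):
        self._authed_ips = set()

    def login(self, client_ip):
        self._authed_ips.add(client_ip)
        return None  # nothing is issued to the browser

    def is_authenticated(self, client_ip, cookie=None):
        # Every request carrying this source address is treated as the admin.
        return client_ip in self._authed_ips

class TokenSessions:
    """Hardened form: an unguessable per-login token identifies the session."""
    def __init__(self):
        self._sessions = {}  # token -> (client_ip, expiry timestamp)

    def login(self, client_ip, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (client_ip, now + SESSION_TTL)
        return token  # delivered as a cookie (HttpOnly, SameSite=Strict)

    def is_authenticated(self, client_ip, cookie=None, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(cookie) if cookie else None
        if entry is None:
            return False
        bound_ip, expiry = entry
        if now > expiry:
            del self._sessions[cookie]  # expired sessions are dropped
            return False
        return client_ip == bound_ip  # IP is only a secondary check

def compare(admin_ip="192.0.2.10"):  # constructed documentation address
    results = {}
    for name, store in (("ip_keyed", IpKeyedSessions()), ("token", TokenSessions())):
        cookie = store.login(admin_ip)
        results[name] = {
            "admin_browser": store.is_authenticated(admin_ip, cookie),
            "same_ip_no_token": store.is_authenticated(admin_ip, None),
            "same_ip_wrong_token": store.is_authenticated(admin_ip, "guess"),
        }
    return results
```

With the IP-keyed store all three checks succeed, which is the condition the advisory reports; with the token store only the request that presents the issued cookie is accepted.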

Impact

Exploitation of this vulnerability allows for session hijacking, enabling unauthorized users to access the administrative interface and perform actions as if they were the authenticated user.

Added: Feb 23, 2026, 9:28 PM
Updated: Feb 23, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 3.5
remediation: 0.0
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.