CVE-2019-9974

Name: CVE-2019-9974
Creator: NVD / NIST
Published: 2019-04-11T19:29:01.503+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.92%

Last modified Jun 17, 2026

CVE-2019-9974 is a vulnerability of currently unknown severity. diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.. EPSS estimates a 2.92% chance of exploitation in the next 30 days.

Description

diag_tool.cgi on DASAN H660RM GPON routers with firmware 1.03-0022 lacks any authorization check, which allows remote attackers to run a ping command via a GET request to enumerate LAN devices or crash the router with a DoS attack.

Metrics

EPSS Probability

2.92%

85.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Dasannetworks	H660rm Firmware	1.03-0022

References

http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.htmlThird Party Advisory, VDB Entry
https://blog.burghardt.pl/2019/03/diag_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-allows-spawning-ping-processes-without-any-authorization-leading-to-information-disclosure-and-dos-attacks/Exploit, Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/41Mailing List, Third Party Advisory
http://packetstormsecurity.com/files/152232/DASAN-H660RM-Information-Disclosure-Hardcoded-Key.htmlThird Party Advisory, VDB Entry
https://blog.burghardt.pl/2019/03/diag_tool-cgi-on-dasan-h660rm-devices-with-firmware-1-03-0022-allows-spawning-ping-processes-without-any-authorization-leading-to-information-disclosure-and-dos-attacks/Exploit, Third Party Advisory
https://seclists.org/bugtraq/2019/Mar/41Mailing List, Third Party Advisory

Timeline

Published: Apr 11, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-9974?

How severe is CVE-2019-9974?

Severity scoring for CVE-2019-9974 is pending analysis. The EPSS model estimates a 2.92% probability of exploitation in the next 30 days.

How do I fix CVE-2019-9974?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-9974?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST