
Why ransomware gangs want you to keep using that GPON router

A vulnerability found in 2018 is ranked #6 on the list of most attacked vulnerabilities.

For all the talk of artificial intelligence and zero-days, a lot of security is about doing the basics right, and the most basic of the basics is patching. It isn’t always easy (in fact, it’s often very complicated in business environments), but it’s still basic. There is no point worrying about much else if you aren’t running endpoint security and a firewall, and you don’t have a plan for staying on top of your patching.

But what if there is no patch?

It seems that is enough to keep an ancient flaw, one that has been used to spread ransomware, in the top ten most exploited vulnerabilities six years after it was first identified.

Over the last three months, a vulnerability first discovered in 2018 has held a steady sixth position in the top ten. The vulnerability, CVE-2018-10562, affects Gigabit Passive Optical Network (GPON) based routers and was found long ago by researchers, but some vendors have never released an official patch for it. The researchers that discovered the vulnerability issued an unofficial patch that disabled the router’s web server, but the patch has since been taken offline.

GPON is a leading standard of Passive Optical Networks (PONs)—a type of point-to-multipoint network technology that delivers broadband access to the end user via fiber optic cable.

The vulnerable routers were distributed by Internet Service Providers (ISPs) to households and small businesses.

Unfortunately, there are a ton of exploits for CVE-2018-10562 available in the wild, and vulnerable systems are at the mercy of voracious Mirai botnets and the Muhstik Botnet, which will use the devices for DDoS attacks and cryptomining.

But unprotected devices can also be attractive to ransomware gangs looking for a way to access small business networks, and the vulnerability is known to have been leveraged as part of a ransomware campaign.

So, without a patch ever likely to appear, what should small businesses do?

The best solution would be to replace the vulnerable router with a newer, more secure model. The Cybersecurity and Infrastructure Security Agency (CISA) recommends disconnecting Dasan GPON routers if they are still in use.

In the meantime, you should implement strict firewall rules and monitor for any suspicious activity on your network.

If you want to check whether your router is a GPON-based router, you can look for the following characteristics:

  • GPON routers typically have a fiber optic input port, often labeled as “Fiber” or “PON”.
  • The device may be labeled as an Optical Network Terminal (ONT) or Optical Network Unit (ONU).
  • Look for brands known to produce GPON equipment, such as Huawei, ZTE, Nokia, Calix, or Dasan.

If you’re unsure, you can contact your ISP for confirmation, as they would know the exact type of equipment they’ve provided or that is compatible with their network.
