CVE-2019-25237
Privilege Escalation in V-SOL GPON/EPON OLT via User Role Manipulation
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| v-solution | gpon_epon_olt_platform | 2.03.24 |
| v-solution | gpon_epon_olt_platform | 2.03.62r_ipv6 |
| v-solution | gpon_epon_olt_platform | 1.4 |
| v-solution | gpon_epon_olt_platform | 2.03.40 |
| v-solution | gpon_epon_olt_platform | 2.03.52r |
| v-solution | gpon_epon_olt_platform | 2.03.54r |
| v-solution | gpon_epon_olt_platform | 2.03 |
| v-solution | gpon_epon_olt_platform | 2.03.47 |
| v-solution | gpon_epon_olt_platform | 2.03.26 |
| v-solution | gpon_epon_olt_platform | 2.03.49 |
| v-solution | gpon_epon_olt_platform | 1.8.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the V-SOL GPON/EPON OLT Platform version 2.03, where a normal authenticated user can escalate their privileges to administrative level by sending a crafted HTTP POST request to the user management endpoint. Specifically, by setting the 'user_role_mod' parameter to the integer value '1' in the request, the system improperly grants admin rights without proper authorization checks. [2, 3]
How can this vulnerability impact me?
An attacker who exploits this vulnerability can gain administrative access to the V-SOL GPON/EPON OLT device remotely. This allows them to control the device, potentially altering configurations, disrupting services, or accessing sensitive network information. Since the device is used in broadband access technology for FTTH deployments and supports critical applications like VPN, IP cameras, and enterprise LANs, the impact can be significant, including network compromise and service disruption. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP POST requests to the user management endpoint (e.g., http://<device-ip>/action/user.html) and checking for the parameter 'user_role_mod' set to the integer value '1'. A practical detection method is to capture and analyze HTTP traffic to identify such crafted POST requests. For example, using curl to test the vulnerability: curl -X POST -d 'user_role_mod=1&other_params=...' http://<device-ip>/action/user.html. Additionally, network monitoring tools or intrusion detection systems can be configured to alert on POST requests containing 'user_role_mod=1'. [2, 3]
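The check described above, written as a detector over captured HTTP requests. This is an added example, not code from the original page or from the vendor. The sample requests are constructed, `sample_field` and `/sample/other.html` are placeholders, and treating the value as an integer (so `01` or URL-encoded `%31` also match) is an assumption about how the device reads the parameter.

```python
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/action/user.html"  # user management endpoint named on the page
PARAM = "user_role_mod"         # role parameter named on the page

def parse_request(raw):
    """Split a raw HTTP/1.x request into (method, path, body), or None."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2:
        return None
    # urlsplit drops any query string and handles absolute-form targets
    return request_line[0].upper(), urlsplit(request_line[1]).path, body.strip()

def is_role_change_to_admin(raw):
    """True for a POST to the endpoint whose form body sets PARAM to 1."""
    parsed = parse_request(raw)
    if parsed is None:
        return False
    method, path, body = parsed
    if method != "POST" or path.lower() != ENDPOINT:
        return False
    # parse_qs URL-decodes names and values and keeps repeated parameters
    for value in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        try:
            if int(value.strip()) == 1:  # assumption: device reads it as an integer
                return True
        except ValueError:
            continue
    return False

def scan(captures):
    """Return the sorted names of captured requests that should raise an alert."""
    return sorted(n for n, raw in captures.items() if is_role_change_to_admin(raw))

HDR = " HTTP/1.1\r\nHost: 192.0.2.10\r\n\r\n"
# Constructed sample captures (not real traffic)
SAMPLES = {
    "plain": "POST /action/user.html" + HDR + "user_role_mod=1&sample_field=x",
    "encoded": "POST /action/user.html?t=1" + HDR + "sample_field=x&user%5Frole%5Fmod=%31",
    "other_value": "POST /action/user.html" + HDR + "user_role_mod=2",
    "other_path": "POST /sample/other.html" + HDR + "user_role_mod=1",
    "get": "GET /action/user.html?user_role_mod=1" + HDR,
}

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print("ALERT:", name)
```

A match only shows that the role parameter was set to 1 in a request; whether the sending account was already an administrator has to be confirmed from session or account records.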
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the device's web management interface to trusted users only, implementing network-level access controls such as firewall rules to limit HTTP POST requests to the user management endpoint, and monitoring for suspicious POST requests with 'user_role_mod=1'. If possible, apply any available patches or updates from the vendor to fix the privilege escalation vulnerability. Additionally, educating users to avoid visiting untrusted websites while logged into the device can reduce risk from malicious crafted requests. [2, 3]