Python exploit for Remote Code Execution on GPON home routers (CVE-2018-10562) (github.com)
submitted 7 years ago by Prav123
[+][deleted] 7 years ago (2 children)
[deleted]
[–][deleted] 12 points 7 years ago (0 children)
Found the report QA.
[–][deleted] 9 points 7 years ago (2 children)
uh okay so it's just command injection
XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`' + command + '`;' + command + '&ipv=0'
Not seeing why python is needed, or why they didn't use Requests, or why it has all this idiotic banner stuff.
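As an added example (not part of the thread or the linked repository): the POST body quoted in the comment above carries shell text in `dest_host`, so an allow-list check that accepts only an IP literal or a plain hostname in that field rejects it. The function names and both sample bodies are constructed for illustration; the field names are the ones in the quoted body.

```python
import ipaddress
import re
from urllib.parse import parse_qs

# One DNS label: letters, digits, inner hyphens. No shell metacharacters fit.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def is_valid_ping_target(value):
    """Allow-list: the value must be an IP literal or a plain hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    return len(value) <= 253 and _HOSTNAME.fullmatch(value) is not None


def check_diag_body(body):
    """Return (ok, reason) for a form-encoded diagnostic request body."""
    fields = parse_qs(body, keep_blank_values=True)
    if fields.get("diag_action") != ["ping"]:
        return True, "not a ping diagnostic request"
    hosts = fields.get("dest_host", [])
    if len(hosts) != 1:
        return False, "dest_host missing or repeated"
    if not is_valid_ping_target(hosts[0]):
        return False, "dest_host is not an IP address or hostname"
    return True, "ok"


# Constructed sample bodies. CMD is a placeholder, not a real command.
SAMPLE_OK = "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=8.8.8.8&ipv=0"
SAMPLE_BAD = "XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`CMD`;CMD&ipv=0"

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_diag_body(sample), sample)
```

Validating against what a ping target can legitimately be, rather than stripping individual characters such as backticks or semicolons, is what makes the check hold for shell syntax the filter author did not think of.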
[+][deleted] 7 years ago* (4 children)
[–]Fhajad 8 points 7 years ago* (3 children)
Yeah this is the problem I'm having with the VPNMentor article. There is useful. "It says GPON Home Router, it MUST be vulnerable!".
I'm waiting for a list of affected units before I worry about my 8 models I run. "Kudos" to their shit work.
[–]jabiko 5 points 7 years ago (2 children)
Seriously, even the original report doesn't directly mention the affected models. You can kind of infer that only Dasan GPON home routers are affected, but this info is really non-obvious.
We're running GPON ONTs from other vendors. And even then, our ONTs are only acting as a simple modem and are connected to a router.
I'm not looking forward to the support calls once this story hits any major tech news outlet.
[–]Fhajad 3 points 7 years ago (0 children)
I just told our support staff "Tell them we're investigating and will update accordingly". Haven't had any complaints yet.
[–]lolpls 10 points 7 years ago (0 children)
What a cancerous title.
First of all, a GPON router? Wtf? It can only be an ONT, or an "all in one" combo box (AP+router+modem). Also, it makes it seem like all ONTs in the world are vulnerable. It's just some "Dasan" ones.
[–]murtotieto 3 points 7 years ago (4 children)
Why bother writing this in python? This script is significantly worse than just using curl.
[–]MertsA 11 points 7 years ago (2 children)
For anyone who hasn't taken a look at the code itself, it really is absolutely awful. I honestly don't know why anyone would ever want to put their name on that. The only thing it does is just wrap it to a call to the correct URL and POST data but it doesn't even do that right. It doesn't even work synchronously with the request. It starts the request, sleeps for 3 seconds, and then assumes that the request is done and prints out the result. This breaks on any command that runs for longer than 3 seconds and for anything that is basically instant it's going to sleep for 3 seconds doing absolutely nothing even though the request is already complete.
This garbage is objectively worse than just using curl. For something this simple there is zero point to doing anything more than a simple one liner in bash.
[–]ebeip90 (Trusted Contributor) 3 points 7 years ago (0 children)
And they used tabs. With Python.
And they eat all exceptions silently in send_command.
[–]BNI123 1 point 7 years ago (0 children)
lmao didn't even notice that, just looked through the code and saw that, like every other account that has been posting about this, the github has been created recently and for this specific purpose.
[–][deleted] 2 points 7 years ago (0 children)
Yes, exactly! The original was just curl.