关键信息 Title: JM-DATA ONU JF511-TV Multiple Remote Vulnerabilities Advisory ID: ZSL-2022-5708 Type: Local/Remote Impact: Cross-Site Scripting, Spoofing, System Access Risk: 4/5 Release Date: 14.06.2022 Summary This ONU is the perfect GEPON home and business gateway. It can BRIDGE/NAT/RIP ROUTEND and COMBINED. Description The device suffers from multiple vulnerabilities including: Default Credentials, CSRF, Authenticated Stored XSS and Open Redirect. Vendor JM-DATA GmbH - Affected Version 1.0.67 1.0.62 1.0.55 Tested On Boa/0.93.15 Vendor Status N/A PoC jm_data-JF511-TV_info.txt Credits Vulnerability discovered by Neurogenesis - References [1] [2] [3] [4] [5] [6] Changelog [14.06.2022] - Initial release [21.06.2022] - Added reference [1] [23.06.2022] - Added reference [2], [3], [4], [5] and [6]