CVE-2025-9974
ONT/Beacon · Unified WEBUI
An input handling flaw in the ONT/Beacon Unified WEBUI allows authenticated users to execute unintended system-level commands.
Executive summary
The Unified WEBUI application on ONT/Beacon devices is vulnerable to authenticated command execution, posing a significant risk to network infrastructure integrity.
Vulnerability
The vulnerability exists due to improper validation of user-supplied input within the WEBUI management interface. An authenticated attacker can leverage this flaw to trigger system-level command execution on the underlying operating system of the device.
Business impact
The impact of this vulnerability is severe, as reflected by its CVSS score of 8.8. An attacker with valid credentials could gain full control over the ONT/Beacon device, leading to unauthorized network configuration changes, data interception, or a complete denial of service for connected clients. For service providers, this could result in significant operational disruption and a loss of customer trust.
Remediation
Immediate Action: Update the device firmware to the latest version provided by the manufacturer to patch the input handling logic.
Proactive Monitoring: Audit management logs for the WEBUI to identify any unusual command execution patterns or unauthorized administrative logins.
Compensating Controls: Limit access to the WEBUI management interface to a dedicated management VLAN and enforce strong multi-factor authentication for all administrative accounts.
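The Proactive Monitoring and Compensating Controls steps above, as an added example that is not part of this advisory: a small Python audit over a constructed WEBUI management-log format that flags administrative logins from outside the management VLAN and bursts of system-level command executions from one source. The log line format, the 10.99.0.0/24 management VLAN and the command-count threshold are all assumptions, since the device's real log format is not documented here.

```python
import ipaddress
import re
from collections import defaultdict

# Management VLAN that the WEBUI should only be reachable from (assumed value).
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")

# Hypothetical WEBUI management-log format (constructed for this example):
#   <ISO timestamp> <event> user=<name> src=<ip> [cmd=<text>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGIN|CMD_EXEC) user=(?P<user>\S+) src=(?P<src>\S+)(?: cmd=(?P<cmd>.*))?$"
)

# Constructed sample log: one normal admin session from the management VLAN,
# one session from outside it, and a burst of system-level command executions.
SAMPLE_LOG = """\
2025-01-10T08:00:01Z LOGIN user=admin src=10.99.0.5
2025-01-10T08:00:20Z CMD_EXEC user=admin src=10.99.0.5 cmd=show_status
2025-01-10T09:15:00Z LOGIN user=admin src=203.0.113.7
2025-01-10T09:15:05Z CMD_EXEC user=admin src=203.0.113.7 cmd=show_status
2025-01-10T09:15:06Z CMD_EXEC user=admin src=203.0.113.7 cmd=reboot
2025-01-10T09:15:07Z CMD_EXEC user=admin src=203.0.113.7 cmd=set_dns
2025-01-10T09:15:08Z CMD_EXEC user=admin src=203.0.113.7 cmd=export_config
"""

def parse_line(line):
    """Parse one log line into a dict, or return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def audit(log_text, mgmt_net=MGMT_NET, cmd_threshold=3):
    """Return (src, reason) findings for the two checks the remediation section names."""
    findings = []
    cmd_counts = defaultdict(int)  # system-level commands seen per source address
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # tolerate unrelated log lines rather than aborting the audit
        src = ipaddress.ip_address(rec["src"])
        if rec["event"] == "LOGIN" and src not in mgmt_net:
            findings.append((rec["src"], f"admin login for {rec['user']} from outside management VLAN"))
        elif rec["event"] == "CMD_EXEC":
            cmd_counts[rec["src"]] += 1
            if cmd_counts[rec["src"]] == cmd_threshold:  # report once, when the threshold is reached
                findings.append((rec["src"], f"{cmd_threshold}+ system-level commands from one source"))
    return findings

if __name__ == "__main__":
    for src, reason in audit(SAMPLE_LOG):
        print(src, reason)
```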
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability represents a critical risk to the management plane of networking hardware. Security teams must ensure that all ONT/Beacon devices are updated immediately. Furthermore, the principle of least privilege should be applied to all WEBUI accounts to minimize the potential attack surface.