GCOM EPON 1GE ONU version C00R371V00B01 allows session hijacking

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

8.1

GCOM EPON 1GE ONU version C00R371V00B01 allows session hijacking

CVE-2025-71056

Summary

An attacker can take control of a user's internet session by pretending to be them. This can happen if the user visits a malicious website or opens a phishing email. To protect yourself, ensure you only use secure connections and avoid suspicious links or attachments.

Original title

Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.

Original description

Improper session management in GCOM EPON 1GE ONU version C00R371V00B01 allows attackers to execute a session hijacking attack via spoofing the IP address of an authenticated user.

nvd CVSS3.1 8.1

Vulnerability type

CWE-290

http://www.szgcom.com
https://github.com/theShinigami/CVE-Disclosures/blob/main/CVE-2025-71056/README....
https://johnbai.en.made-in-china.com/product/JXnENzmlJFpv/China-H18gn-Series-Gpo...

Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026