vendor: m0n0wall
by: Yann CAM
CVSS: 7.5 HIGH
CSRF Remote root Access
CWE: 352
Product Name: m0n0wall
Affected Version From: 1.33
Affected Version To: 1.33
Patch Exists: YES
Related CWE: N/A
CPE: a:m0n0wall:m0n0wall
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: FreeBSD
2012
m0n0wall 1.33 CSRF Remote root Access
Version 1.33 of the m0n0wall firewall/router distribution is affected by several CSRF vulnerabilities that lead to remote command execution and a reverse root shell. Two proofs of concept are provided, one with command execution and one without. The exploit can be used to reset the WebGUI admin password to admin/mono.
Mitigation:
It is strongly advised to update to version 1.34, which is available now.