Monday, November 25, 2013

[webapps] - TPLINK WR740N/WR740ND - Multiple CSRF Vulnerabilities

Do you want to share?

Do you like this story?

ad


# Exploit Title: TPLINK WR740N Multiple CSRF Vulnerabilities


# Date: 11/24/2013


# Author: SaMaN( @samanL33T )


# Vendor Homepage: http://tplink.com


# Category: Hardware/Wireless Router


# Firmware Version: 3.16.6 Build 130529 Rel.47286n and below


# Tested on: WR740N/WR740ND (May be possible on other models)--------------------------------------------------- Technical Details~~~~~~~~~~~~~~~~~~TPLINK WIreless Router WR740N has a Cross Site Request Forgery Vulnerability in its Web Console. Attacker can easily change Wireless password,Reboot Router,Change Settings by simply making the user visit a CSRF link.Application uses "HTTP-REFERER" check functionality to check for CSRF attacks. But it can easily be bypassed using the "Referer" parameter with value set to target's I.P in the GET request.Exploit Code ~~~~~~~~~~~~~Change WPA/WPA2 password by CSRF~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#For Changing the Security to Open WEP, simply change "secType" value to 1.Reboot Router by CSRF~~~~~~~~~~~~~~~~~~~~~
Factory Reset the Router~~~~~~~~~~~~~~~~~~~~~~~~
--SaMaNtwitter : @samanL33T

View the original article here

Posted by Abonk at 7:51 AM
Labels: , , , ,

YOU MIGHT ALSO LIKE

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Advertisements

Advertisements