# Exploit Title: TPLINK WR740N Multiple CSRF Vulnerabilities
# Date: 11/24/2013
# Author: SaMaN( @samanL33T )
# Vendor Homepage: http://tplink.com
# Category: Hardware/Wireless Router
# Firmware Version: 3.16.6 Build 130529 Rel.47286n and below
# Tested on: WR740N/WR740ND (May be possible on other models)--------------------------------------------------- Technical Details~~~~~~~~~~~~~~~~~~TPLINK WIreless Router WR740N has a Cross Site Request Forgery Vulnerability in its Web Console. Attacker can easily change Wireless password,Reboot Router,Change Settings by simply making the user visit a CSRF link.Application uses "HTTP-REFERER" check functionality to check for CSRF attacks. But it can easily be bypassed using the "Referer" parameter with value set to target's I.P in the GET request.Exploit Code ~~~~~~~~~~~~~Change WPA/WPA2 password by CSRF~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#For Changing the Security to Open WEP, simply change "secType" value to 1.Reboot Router by CSRF~~~~~~~~~~~~~~~~~~~~~
Factory Reset the Router~~~~~~~~~~~~~~~~~~~~~~~~
--SaMaNtwitter : @samanL33T
0 comments:
Post a Comment