# Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password) # Date: 2018-06-23 # Exploit Author: Wadeek # Vendor Homepage: https://www.asus.com/ # Firmware Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC750GF/FW_RT_AC750GF_30043806038.zip # Firmware Version: 3.0.0.4.380.6038 # Tested on: ASUS RT-AC750GF with default firmware version 3.0.0.4.380.6038 # (Cross Site Scripting -> URL Redirecting -> Cross-Site Request Forgery {Cookie: asus_token} # -> Change the router login password and enable SSH daemon)

Proof Of Concept