# Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery (CSRF) # Date: 15/01/2019 # Exploit Author: Kumar Saurav # Vendor: ChinaMobile # Category: Hardware # Version: GPN2.4P21-C-CN (Firmware: W2001EN-00) # Tested on: Windows # CVE : CVE-2019-6282 #Description: ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have CSRF vulnerability via the cgi-bin/webproc?getpage=html/index.html subpage=wlsecurity URI, allowing an Attacker to change the Wireless Security Password. #Reproduction Steps: Note: This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated. Step 1: User login to PLC wireless router Step 2: User visits the attacker's malicious web page (PLC_CSRF.html) Step 3: PLC_CSRF.html exploits CSRF vulnerability and changes the wireless Security (WPA/WPA2) key to "PSWDmatlo331#@!" Step 4: (192.168.59.254 in my Case)