Lucene search
K

Huawei HG510 Cross Site Request Forgery

🗓️ 17 Feb 2010 00:00:00Reported by Ivan MarkovicType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 24 Views

Vulnerability in Huawei HG510 Allows CSRF Attack and Authentication Bypass

Code
`Hello,  
  
  
Huawei HG510 is a device offered by the Serbian telecom operator, to provide ADSL Internet connection.  
Administration of settings on this device is allowed only from local LAN network but not only from  
private IP address (eg 192.168.1.1) then You can access with public IP address (only from local LAN again).  
  
There is no CSRF protection so we can create malicious web pages and create some CSRF attacks.  
Is user is logged on his device we can change passwords or some another settings.  
  
POC:  
  
http://PUBLIC_IP_OF_USER/password.cgi?sysPassword=BASE64_NEW_PASSWORD  
  
  
When I testing this I found one strange behavior with /rebootinfo.cgi (reboot device script).  
Normaly for all this CSRF user must be logged into device web interface but if we request:   
http://PUBLIC_IP_OF_USER/rebootinfo.cgi, basic authentication is bypassed and device  
is rebooted.  
  
So we have CSRF + Authentication Bypass that lead to DoS of end user.  
  
If someone have any questions about this please contact me.  
  
  
Best regards,  
Ivan Markovic  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Feb 2010 00:00Current
0.7Low risk
Vulners AI Score0.7
24