ActionTec C1000A Modem/Router XSS and arbitrary CSRF Vulnerabilities
This moden and router, like most, is a sea filled with CSRF and XSS exploits. If the user is logged in to the modem say, an administrator, a specific link can be crafted to execute arbitrary web UI commands. The addition of the XSS is really just a bonus allowing for more complex vectors. The...