Full title: ActionTec C1000A Modem/Router XSS and arbitrary CSRF Vulnerabilities
Category: web applications
Platform: hardware

This modem and router, like most, is a sea filled with CSRF and XSS exploits. If the user is logged in to the modem (say, an administrator), a specific link can be crafted to execute arbitrary web UI commands. The addition of the XSS is really just a bonus allowing for more complex vectors. The primary action script, http://192.168.0.1/scvrtsrv.cmd, has no checking on commands sent to it, so it will accept any command.

# 0day.today @ http://0day.today/
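The defect described above is a command endpoint that accepts any request from any origin as long as the browser carries the admin session. The following is an added example, not code from the advisory or from ActionTec, of the two server-side checks such an endpoint needs: a same-origin/anti-CSRF check before a state-changing command is honoured, and HTML-escaping of anything reflected back so a crafted link cannot inject script. The names handle_command, issue_token, ALLOWED_ACTIONS and ALLOWED_ORIGIN are hypothetical; the only value taken from the advisory is the device's UI origin, http://192.168.0.1.

```python
"""
Added example (not the device's own firmware code): a minimal guard for a
router command endpoint. It rejects cross-site requests and unknown commands,
which is exactly what the advisory says the real action script does not do.
"""
import hmac
import html
import secrets
from urllib.parse import urlsplit

# The device's own UI origin (the host from the advisory's URL). Hypothetical constant.
ALLOWED_ORIGIN = "http://192.168.0.1"

# Allowlist of commands the endpoint will act on, instead of accepting any command.
ALLOWED_ACTIONS = {"reboot", "set_wifi_password"}

# Per-session anti-CSRF tokens. A real device would key these on its login session.
_tokens: dict = {}


def issue_token(session_id: str) -> str:
    """Mint a fresh unguessable token bound to the logged-in session."""
    token = secrets.token_urlsafe(32)
    _tokens[session_id] = token
    return token


def _same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is the device UI."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # no provenance at all: treat as cross-site
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == ALLOWED_ORIGIN


def handle_command(method: str, headers: dict, form: dict, session_id: str):
    """
    Return (status, body). Only a POST that passes the same-origin check AND
    carries the session's CSRF token may change device state. Any user value
    echoed back is escaped so it cannot become markup.
    """
    if method != "POST":
        return 405, "state-changing commands must be POSTed"
    if not _same_origin(headers):
        return 403, "cross-site request rejected"
    expected = _tokens.get(session_id)
    supplied = form.get("csrf_token", "")
    # Constant-time comparison on bytes; a missing token fails closed.
    if expected is None or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "missing or invalid CSRF token"
    action = form.get("action", "")
    if action not in ALLOWED_ACTIONS:
        return 400, "unknown action: " + html.escape(action)
    return 200, "applied " + html.escape(action)


if __name__ == "__main__":
    # Constructed sample requests: one forged from another site, one legitimate.
    tok = issue_token("admin-session")
    print(handle_command("POST", {"Origin": "http://other.example"},
                         {"csrf_token": tok, "action": "reboot"}, "admin-session"))
    print(handle_command("POST", {"Origin": ALLOWED_ORIGIN},
                         {"csrf_token": tok, "action": "reboot"}, "admin-session"))
```

The Origin/Referer check alone stops the "crafted link" case, since a link or form on another site arrives with that site's origin or none at all; the token is what still protects the endpoint when a reflected XSS on the same origin lets script issue requests, because the script must first read a token it does not have. Checking the method first means a GET link can never change state regardless of who clicks it.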