Full title: ActionTec C1000A Modem/Router XSS and arbitrary CSRF Vulnerabilities 
Category: web applications
Platform: hardware
This moden and router, like most, is a sea filled with CSRF and XSS exploits.
If the user is logged in to the modem (say, an administrator), a specific link can be crafted to execute arbitrary web UI commands.
The addition of the XSS is really just a bonus allowing for more complex vectors.

The primary action script, http://192.168.0.1/scvrtsrv.cmd has no checking on commands sent to it so it will accept any command.

# 0day.today @ http://0day.today/