# Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
# Author: LiquidWorm
# Date: 2018-05-21
# Vendor: Ecessa Corporation
# Product web page: https://www.ecessa.com
# Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24
# Tested on: lighttpd/1.4.35
# Summary: Internet Failover and Load Balancing for Small Businesses, Stores
# and Branch Offices.
# Desc: The application interface allows users to perform certain actions via
# HTTP requests without performing any validity checks to verify the requests.
# This can be exploited to perform certain actions with administrative privileges
# if a logged-in user visits a malicious web site.
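
The validity check the description says is missing, sketched as an added example (not code from the advisory or from the vendor): a state-changing request is accepted only if it comes from the interface's own origin and carries a token bound to the session. The function names, the `csrf_token` field and the sample origin are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: state changes are reachable only through these methods.
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _mac(server_key: bytes, session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def issue_token(server_key: bytes, session_id: str) -> str:
    """Token for one session: random nonce plus HMAC over session id and nonce."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(server_key, session_id, nonce)}"


def token_valid(server_key: bytes, session_id: str, token: str) -> bool:
    nonce, _, mac = token.partition(".")
    expected = _mac(server_key, session_id, nonce)
    # Compare as bytes so non-ASCII input is rejected instead of raising.
    return hmac.compare_digest(mac.encode(), expected.encode())


def same_origin(headers: dict, expected_origin: str) -> bool:
    """Match Origin (Referer as fallback) against the interface's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sends neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}".lower() == expected_origin.lower()


def validate_request(method, headers, form, session_id, server_key, expected_origin):
    """Return (allowed, reason) for a request that already has a valid session."""
    if method.upper() not in STATE_CHANGING:
        return True, "safe method"
    if not same_origin(headers, expected_origin):
        return False, "cross-origin or missing Origin/Referer"
    if not token_valid(server_key, session_id, form.get("csrf_token", "")):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    key, sid, origin = secrets.token_bytes(32), "sess-1", "https://192.0.2.10"  # constructed
    form = {"csrf_token": issue_token(key, sid)}
    print(validate_request("POST", {"Origin": origin}, form, sid, key, origin))
    print(validate_request("POST", {"Origin": "https://other.example"}, form, sid, key, origin))
```

A request submitted by a third-party page fails both checks: the browser attaches the session cookie automatically, but the page cannot read the per-session token and cannot forge the `Origin` header.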