Sitecom WLM-2501 new Multiple CSRF Vulnerabilities

The web interface of this router is affected by multiple CSRF vulnerabilities which allow an attacker to change the following device parameters:

    • Disable Mac Filtering
    • Disable/Modify IP/Port Filtering
    • Disable/Modify Port Forwarding
    • Disable/Modify Wireless Access Control
    • Disable Wi-Fi Protected Setup
    • Disable/Modify URL Blocking Filter
    • Disable/Modify Domain Blocking Filter
    • Disable/Modify IP Address ACL
    • Change Wireless Passphrase
    • Enable/Modify Remote Access (also on WAN interface)

To view my Original Advisory:
Sitecom WLM-2501 new Multiple CSRF Vulnerabilities

MITRE CVE Numbering Authority assigned me CVE-2012-1921 and CVE-2012-1922 for these vulnerabilities.

Other related publications:
Secunia Advisory SA48840
Inj3ct0r
Packet Storm
Offensive Security DB
Security Focus
IBM X-Force
OSVDB
http://packetstormsecurity.org/files/111941/Secunia-Security-Advisory-48840.html

Sitecom WLM-2501 Change Wireless Passphrase

Yesterday I discovered new CSRF vulnerabilities in the Sitecom WLM-2501 300N wireless modem/router which allow an attacker to change a lot of device parameters and, most of all, to change the wireless passphrase.

To know more about these vulnerabilities, please read my Original Advisory.

MITRE CVE Numbering Authority assigned me CVE-2012-1921 and CVE-2012-1922 for these vulnerabilities.

Other sources have published my Advisory:
Secunia Security Advisory 48840
Packet Storm
Offensive Security Exploit-DB
Inj3ct0r
IBM X-Force
Security Focus
http://packetstormsecurity.org/files/111941/Secunia-Security-Advisory-48840.html

D-Link DSL-2640B "0day" Vulnerabilities

SecurityFocus (http://www.securityfocus.com/) has assigned me three BIDs (Bugtraq IDs) related to “0day” D-Link and Cisco Linksys vulnerabilities that stem from design flaws and are exploitable using CSRF.

You can read more details about them at the following links:
http://www.securityfocus.com/bid/52096
http://www.securityfocus.com/bid/52129
http://www.securityfocus.com/bid/52105

D-Link DSL-2640B Authentication Bypass

This router allows an attacker to bypass authentication and log in with administrator (“admin”) credentials. When the administrator is logged in and an internal attacker connects to the web management interface (default is http://192.168.1.1:80), the attacker is able to see the MAC address of the logged-in admin. Simply by changing his MAC address, the attacker can bypass authentication and log in as administrator.

For more details:

http://www.exploit-db.com/exploits/18511/
http://packetstormsecurity.org/files/110117/D-Link-DSL-2640B-Authentication-Bypass.html
http://www.securityfocus.com/bid/52129
http://xforce.iss.net/xforce/xfdb/73379
http://osvdb.org/79617
http://1337day.com/exploit/17562
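
The design flaw described above, modelled as an added example (not code from the advisory or from the D-Link firmware): it assumes the web interface remembers the logged-in administrator only by source MAC address, and sets that beside a session bound to a random cookie token. The class names, the MAC value and the request dictionaries are constructed for illustration.

```python
import hmac
import secrets

ADMIN_MAC = "00:11:22:33:44:55"  # constructed sample value, not from the advisory


class MacKeyedSessions:
    """Weak model (assumption): the logged-in admin is remembered only by MAC."""

    def __init__(self):
        self.logged_in_macs = set()

    def login(self, mac, password_ok):
        if password_ok:
            self.logged_in_macs.add(mac.lower())
        return password_ok

    def is_admin(self, request):
        # Any client presenting a logged-in MAC is treated as the admin.
        return request["mac"].lower() in self.logged_in_macs


class TokenSessions:
    """Hardened model: the session is a random secret held by the browser."""

    def __init__(self):
        self.tokens = {}  # token -> MAC seen at login (kept for logging only)

    def login(self, mac, password_ok):
        if not password_ok:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits, never shown in the UI
        self.tokens[token] = mac.lower()
        return token

    def is_admin(self, request):
        presented = (request.get("cookie") or "").encode()
        # Constant-time comparison against every live token; MAC is ignored.
        return any(hmac.compare_digest(presented, t.encode()) for t in self.tokens)


def compare_models():
    """Second client reuses the admin's MAC but holds no session cookie."""
    weak, hardened = MacKeyedSessions(), TokenSessions()
    weak.login(ADMIN_MAC, password_ok=True)
    admin_cookie = hardened.login(ADMIN_MAC, password_ok=True)
    second_client = {"mac": ADMIN_MAC, "cookie": None}
    admin_browser = {"mac": ADMIN_MAC, "cookie": admin_cookie}
    assert hardened.is_admin(admin_browser)  # the real admin still gets in
    return weak.is_admin(second_client), hardened.is_admin(second_client)
```

A MAC address is visible to every host on the same LAN segment and is set by the client, so it can serve as a logging attribute but not as a credential.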

 

Cisco Linksys WAG54GS (ADSL Router) change admin password

Today I found a new “0day” vulnerability in the Cisco Linksys WAG54GS Wi-Fi ADSL router and published a related exploit that changes the default administrator (“admin”) password.

To view my Original Advisory:
Cisco Linksys WAG54GS CSRF Original Advisory

Other related publications:
http://osvdb.org/show/osvdb/80809
http://www.exploit-db.com/exploits/18503/
http://packetstormsecurity.org/files/110040/Cisco-Linksys-WAG54GS-Cross-Site-Request-Forgery.html
http://www.securityfocus.com/bid/52105

You can simply modify this exploit in order to change other router parameters.

D-Link DSL-2640B (ADSL Router) CSRF "0day" Vulnerability

I’ve discovered a new “0day” vulnerability:

To view my Original Advisory:
D-Link DSL-2640B CSRF (Change admin Password) Original Advisory

Other related publications:
http://osvdb.org/show/osvdb/80803
http://www.securityfocus.com/bid/52096/info
http://www.exploit-db.com/author/?a=3557
http://packetstormsecurity.org/files/author/9536/

This vulnerability allows an attacker to change the administrator password of the D-Link DSL-2640B ADSL router.