| tiêu đề | UNIWAY ROUTERS Router Firmware V2.0 CROSS SITE REQUEST FORGERY |
|---|
| Mô tả | Dear Team,
I trust this message finds you all in good spirits.
I wish to bring to your attention a recently discovered vulnerability in the Uniway router's firmware (Device Model: UW-302VP). It has come to light that the router lacks the utilization of cookies or any headers for authentication, thereby exposing it to CSRF (Cross-Site Request Forgery) exploitation.
Official Website: http://www.uniwayinfo.com
This vulnerability could potentially enable an attacker to:
- Modify WiFi device details such as SSID
- Change the router's password
- Establish a custom WPS PIN (which could subsequently be exploited for password cracking)
- Initiate a router reboot, among other potential actions.
For your reference, I have enclosed a Proof of Concept video that demonstrates this vulnerability.
Thank you for your consideration.
Warm regards, Faiyaz Ahmad |
|---|
| Nguồn | ⚠️ https://drive.google.com/file/d/15Wr3EL4cpAS_H_Vp7TuIftssxAuzb4SL/view?usp=sharing |
|---|
| Người dùng | faiyazahmad (UID 60242) |
|---|
| Đệ trình | 15/12/2023 21:55 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 24/12/2023 09:00 (8 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 248939 [Uniway UW-302VP 2.0 Admin Web Interface wlan_basic_set.cgi wlanssid/password Giả mạo yêu cầu liên trang] |
|---|
| điểm | 20 |
|---|