
Netgear 1.0.0.24 Cross Site Request Forgery

Posted on 12 January 2016

Details
================
#Product Vendor: Netgear
#Netgear GPL: http://kb.netgear.com/app/answers/detail/a_id/2649/~/netgear-open-source-code-for-programmers-(gpl) http://www.gnu.org/licenses/gpl.txt
#Bug Name: Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24
#Software: Netgear Router JNR1010 Firmware
#Version: 1.0.0.24
#Last Updated: 10-06-2015 <http://kb.netgear.com/app/answers/detail/a_id/29270/~/jnr1010-firmware-version-1.0.0.24>
#Homepage: http://netgear.com/
#Severity: High
#Status: Fixed <http://kb.netgear.com/app/answers/detail/a_id/30177/~/jnr1010-firmware-version-1.0.0.32>
#CVE: not assigned
#POC Video URL: https://www.youtube.com/watch?v=tET-t-3h7TU

Description
================
Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use.

Technical Details
================
A forged request changing the value of any variable was created (here it is the :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL variable in the URL http://router-ip/cgi-bin/webproc) and sent to the victim. Forcing him/her to click on the malicious link, generated by an attacker with a different session, allows the attacker to change the settings of the victim's router.

For more, also refer to https://github.com/cybersecurityworks/Disclosed/issues/13

Note: Similarly, we can manipulate any request and force the victim to access the link generated by the attacker to make changes to the router settings without the victim's knowledge.

Advisory Timeline
================
28/10/2015 - Discovered in Netgear Router JNR1010 Firmware Version 1.0.0.24
28/10/2015 - Reported to vendor through support option, but no response
30/10/2015 - Reported to vendor through another support option available here <http://support.netgear.com/for_home/default.aspx>, but again no response.
03/11/2015 - Finally, the Technical Team started addressing the issue after many follow-ups through phone/mail.
13/12/2015 - Vulnerability got fixed & case was closed.
30/12/2015 - Netgear released updated version 1.0.0.32 <http://kb.netgear.com/app/answers/detail/a_id/30177/~/jnr1010-firmware-version-1.0.0.32>

Fix
================
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Credits & Authors
================
Sathish Kumar <sathish@cybersecurityworks.com> from cybersecurityworks Pvt Ltd <http://www.cybersecurityworks.com/>

About Cybersecurityworks
================
Cybersecurity Works is an auditing company passionate about finding & reporting security flaws & vulnerabilities in web applications and networks. As professionals, we handle each client differently based on their unique requirements. Visit our website <http://www.cybersecurityworks.com/> for more information.

--
Cheers !!!
Team CSW Research Lab <http://www.cybersecurityworks.com>
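
One way to implement the server-side check whose absence this advisory describes, as an added example that is not part of the original advisory and not Netgear's firmware code: a settings change sent to /cgi-bin/webproc is processed only when it originates from the router's own pages and carries a token bound to the logged-in session. The key, the token field name, the prefix test and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical names throughout; this is not the JNR1010 firmware's code.
SERVER_KEY = secrets.token_bytes(32)       # secret generated at boot
WRITE_PREFIX = ":InternetGatewayDevice."   # assumed marker of a settings write
TOKEN_FIELD = "csrf_token"                 # assumed form field name

def issue_token(session_id: str) -> str:
    """Token placed in each settings form, bound to one login session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers: dict, router_host: str) -> bool:
    """Origin, or Referer when Origin is absent, must name the router."""
    source = headers.get("Origin") or headers.get("Referer")
    return bool(source) and urlsplit(source).netloc == router_host

def allow_webproc(headers: dict, params: dict, session_id: str,
                  router_host: str) -> bool:
    """Return True if a request to /cgi-bin/webproc may be processed."""
    if not any(name.startswith(WRITE_PREFIX) for name in params):
        return True                        # nothing is being changed
    if not same_origin(headers, router_host):
        return False                       # sent from a page on another site
    supplied = params.get(TOKEN_FIELD, "")
    expected = issue_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())

# Constructed sample requests (192.168.1.1 stands in for router-ip).
HOST = "192.168.1.1"
SESSION = "sess-constructed-01"
SETTING = ":InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL"

def demo() -> dict:
    """Each case uses the victim's valid session; only origin and token vary."""
    own = {"Origin": f"http://{HOST}"}
    return {
        "cross_site_link": allow_webproc({"Referer": "http://forum.example/t/1"}, {SETTING: "example.org"}, SESSION, HOST),
        "own_origin_no_token": allow_webproc(own, {SETTING: "example.org"}, SESSION, HOST),
        "token_from_other_session": allow_webproc(own, {SETTING: "example.org", TOKEN_FIELD: issue_token("sess-other")}, SESSION, HOST),
        "own_form_with_token": allow_webproc(own, {SETTING: "example.org", TOKEN_FIELD: issue_token(SESSION)}, SESSION, HOST),
        "no_setting_change": allow_webproc({}, {}, SESSION, HOST),
    }

if __name__ == "__main__":
    print(demo())
```

Every rejected case still carries the victim's valid session, which is why the session alone cannot authorise a settings change.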

 
