Details
Product Vendor: Netgear
Bug Name: Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24
Software: Netgear Router Firmware
Version: 1.0.0.24
Last Updated: 10-06-2015
Homepage: http://netgear.com/
Severity: High
Status: Fixed
POC Video URL: https://www.youtube.com/watch?v=tET-t-3h7TU
Description
Using this flaw, an attacker can cause victims to change any data the victim is allowed to change or perform any function the victim is authorized to use.
Proof of concept (POC):
A forged request was created that changes the value of a variable, here :InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL, in the URL http://router-ip/cgi-bin/webproc, and was sent to the victim. Forcing the victim to click the malicious link, which the attacker generated from a different session, allows the attacker to change the settings of the victim's router.
Figure 1: Blocked sites keywords before the CSRF request is sent to the victim
Figure 2: A CSRF request is created by changing the Block list URL variable
Figure 3: The CSRF request is successfully submitted in the victim's browser
Note: Similarly, we can manipulate any request and force the victim to access the link generated by the attacker, making changes to the router settings without the victim's knowledge.
Fix
Refer to https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)
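A sketch of the server-side check that guidance leads to, applied to settings changes sent to /cgi-bin/webproc. This is an added example, not Netgear's firmware code or the reporter's; the csrf_token field name, the session ids and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: a random secret generated at boot, known only to the web server.
SERVER_KEY = secrets.token_bytes(32)
FIELD = ":InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL"

def issue_token(session_id):
    """Token the router embeds in each settings form it serves to a session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers):
    """Origin (Referer as fallback) must name the host the request was sent to."""
    host = headers.get("Host", "")
    source = headers.get("Origin") or headers.get("Referer") or ""
    return bool(host) and urlsplit(source).netloc == host

def authorize_change(method, headers, session_id, form):
    """Return (allowed, reason) for a settings change sent to /cgi-bin/webproc."""
    if method != "POST":
        return False, "settings changes must use POST"
    if not same_origin(headers):
        return False, "request did not originate from the router's own pages"
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_token(session_id).encode()):
        return False, "missing or invalid anti-CSRF token"
    return True, "ok"

# Constructed sample requests; "sess-A" is the victim's authenticated session.
own_form = ("POST", {"Host": "router-ip", "Origin": "http://router-ip"}, "sess-A",
            {FIELD: "example.org", "csrf_token": issue_token("sess-A")})
cross_site = ("POST", {"Host": "router-ip", "Origin": "http://other-site.example"},
              "sess-A", {FIELD: "example.org"})
link_click = ("GET", {"Host": "router-ip"}, "sess-A", {FIELD: "example.org"})

if __name__ == "__main__":
    for name, req in [("own form", own_form), ("cross-site", cross_site),
                      ("clicked link", link_click)]:
        print(name, authorize_change(*req))
```

Only the form served by the router itself passes: the session cookie alone, which the browser attaches to any request for the router, is no longer enough to authorize a change.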
Timeline
28/10/2015 - Discovered in Netgear Router Firmware Version 1.0.0.24
28/10/2015 - Reported to vendor through support option, but no response.
30/10/2015 - Reported to vendor through another support option available here, but again no response.
03/11/2015 - Finally, the technical team started addressing the issue after many follow-ups by phone/mail.
13/12/2015 - Vulnerability was fixed and the case was closed.
30/12/2015 - Netgear released updated Netgear Router JNR1010 version 1.0.0.32
Discovered by:
Sathish from Cyber Security Works Pvt Ltd