[Ivan]

Citat:

|| Vulnerability

There is no CSRF protection so we can create malicious web pages and create some CSRF attacks.
Is user is logged on his device we can change passwords or some another settings.

.: POC (CSRF)
http://PUBLIC_IP_OF_USER/password.cg...4_NEW_PASSWORD

While testing we found one strange behavior with /rebootinfo.cgi (reboot device script).
Normaly for all this CSRF user must be logged into device web interface but if we request:
http://PUBLIC_IP_OF_USER/rebootinfo.cgi, basic authentication is bypassed and device
is rebooted.

So we have CSRF + Authentication Bypass that lead to DoS of end user.

.: POC (CSRF + Auth Bypass => DoS)
http://PUBLIC_IP_OF_USER/rebootinfo.cgi

http://netsec.rs/18/huawei-hg510-mul...abilities/493/