[FD] Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24
- To: cve-assign@xxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx
- Subject: [FD] Cross Site Request Forgery in Netgear Router JNR1010 Version 1.0.0.24
- From: CSW Research Lab <disclose@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Jan 2016 16:41:26 +0530
Hi,
Can you assign a CVE ID to this flaw?
Details
================
#Product Vendor: Netgear
#Netgear GPL:
http://kb.netgear.com/app/answers/detail/a_id/2649/~/netgear-open-source-code-for-programmers-(gpl)
http://www.gnu.org/licenses/gpl.txt
#Bug Name: Cross Site Request Forgery in Netgear Router JNR1010 Version
1.0.0.24
#Software: Netgear Router JNR1010 Firmware
#Version: 1.0.0.24
#Last Updated: 10-06-2015
<http://kb.netgear.com/app/answers/detail/a_id/29270/~/jnr1010-firmware-version-1.0.0.24>
#Homepage: http://netgear.com/
#Severity: High
#Status: Fixed
<http://kb.netgear.com/app/answers/detail/a_id/30177/~/jnr1010-firmware-version-1.0.0.32>
#CVE : not assigned
#POC Video URL: https://www.youtube.com/watch?v=tET-t-3h7TU
Description
================
Using this flaw, an attacker can cause victims to change any data the
victim is allowed to change or perform any function the victim is
authorized to use.
Technical Details
================
A forged request was created that changes the value of any variable, here the
*:InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1.URL* variable in
the URL http://router-ip/cgi-bin/webproc, and sent to the victim. Forcing
him/her to click on the malicious link, generated by an attacker with a
different session, allows the attacker to change the settings of the victim’s
router.
For more, also refer -
https://github.com/cybersecurityworks/Disclosed/issues/13
*Note:* Similarly, we can manipulate any request and force the victim to
access the link generated by the attacker to make changes to the router
settings without the victim’s knowledge.
Advisory Timeline
================
28/10/2015 - Discovered in Netgear Router JNR1010 Firmware Version 1.0.0.24
28/10/2015 - Reported to vendor through support option, but no response
30/10/2015 - Reported to vendor through another support option available
here <http://support.netgear.com/for_home/default.aspx>, but again no
response.
03/11/2015 - Finally, the technical team started addressing the issue
after so many follow-ups through phone/mail.
13/12/2015 - Vulnerability got fixed & case was closed.
30/12/2015 - Netgear Released updated version 1.0.0.32
<http://kb.netgear.com/app/answers/detail/a_id/30177/~/jnr1010-firmware-version-1.0.0.32>
Fix
================
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Credits & Authors
================
Sathish Kumar <sathish@xxxxxxxxxxxxxxxxxxxxxx> from cybersecurityworks Pvt
Ltd <http://www.cybersecurityworks.com/>
About Cybersecurityworks
================
Cybersecurity Works is basically an auditing company passionate about
finding & reporting security flaws & vulnerabilities in web applications
and networks. As professionals, we handle each client differently based on
their unique requirements. Visit our website
<http://www.cybersecurityworks.com/> for more information.
--
----------
Cheers !!!
Team CSW Research Lab <http://www.cybersecurityworks.com>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
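
The forged request described under Technical Details works when the web interface applies a settings change without verifying that the request came from its own pages in the administrator's own session. The following is an added example, not code from the advisory or from Netgear firmware, of a server-side check in C that rejects such requests; the function names, arguments and token values are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Compare two tokens without stopping at the first mismatching byte. */
static int token_equal(const char *a, const char *b)
{
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);

    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* True only if Origin is exactly http(s)://<Host header value>.
 * Exact match on purpose: anything unexpected fails closed. */
static int same_origin(const char *origin, const char *host)
{
    if (strncmp(origin, "http://", 7) == 0)
        return strcmp(origin + 7, host) == 0;
    if (strncmp(origin, "https://", 8) == 0)
        return strcmp(origin + 8, host) == 0;
    return 0;
}

/*
 * Hypothetical gate for a settings-changing request to an admin CGI.
 * Header and field arguments are NULL when absent from the request.
 * Returns 1 to allow the change, 0 to reject it.
 */
int state_change_allowed(const char *method, const char *host,
                         const char *origin, const char *session_token,
                         const char *submitted_token)
{
    /* A clicked link is a GET, so GET must never change settings. */
    if (method == NULL || strcmp(method, "POST") != 0)
        return 0;
    /* A form posted from another site carries that site's Origin. */
    if (origin != NULL && (host == NULL || !same_origin(origin, host)))
        return 0;
    /* The token is tied to the admin's own session, so a value taken
     * from an attacker's different session does not match. */
    if (session_token == NULL || session_token[0] == '\0' ||
        submitted_token == NULL)
        return 0;
    return token_equal(session_token, submitted_token);
}
```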