Có nhà nào dùng TPLINK WR740N/WR740ND không nhỉ? dễ dàng change password nhé.

[root]

# Exploit Title: TPLINK WR740N Multiple CSRF Vulnerabilities
# Date: 11/24/2013
# Author: SaMaN( @samanL33T )
# Vendor Homepage: http://tplink.com
# Category: Hardware/Wireless Router
# Firmware Version: 3.16.6 Build 130529 Rel.47286n and below
# Tested on: WR740N/WR740ND (May be possible on other models)
---------------------------------------------------

Technical Details
~~~~~~~~~~~~~~~~~~
TPLINK WIreless Router WR740N has a Cross Site Request Forgery Vulnerability in its Web Console. Attacker can easily change Wireless password,Reboot Router,Change Settings by simply making the user visit a CSRF link.


Application uses "HTTP-REFERER" check functionality to check for CSRF attacks. But it can easily be bypassed using the "Referer" parameter with value set to target's I.P in the GET request.




Exploit Code
~~~~~~~~~~~~~


Change WPA/WPA2 password by CSRF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




































#For Changing the Security to Open WEP, simply change "secType" value to 1.


Reboot Router by CSRF
~~~~~~~~~~~~~~~~~~~~~














Factory Reset the Router
~~~~~~~~~~~~~~~~~~~~~~~~
















--
SaMaN
twitter : @samanL33T