Introduction
Among other cable modems, UPC uses the Technicolor TC7200. The Technicolor TC7200 is a DOCSIS 3.0 dual band concurrent wireless Embedded Multimedia Terminal Adapter (EMTA).

After getting my hands on one of these modems I decided to test it for vulnerabilities in the web interface. As it turned out, the device had multiple vulnerabilities, one of which is Cross Site Request Forgery.

Multiple Cross Site Request Forgery Vulnerabilities
It is possible to change the IP filtering options, change the firewall settings and factory reset the device. An attacker can also create an IP forwarding rule that enables remote access to the device.

Because the origin of a request is not checked anywhere, a Cross Site Request Forgery attack is possible against any function within the web application. The video above shows only a few of the options an attacker might be able to exploit. The following payloads are used in the video:

 

 

CVE-ID: CVE-2014-0621
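
The missing origin check described above, sketched as an added server-side example (not part of the original post and not the device's firmware code): a state-changing request is accepted only if its Origin or Referer matches the management interface and it carries the per-session anti-CSRF token. The function names, the token handling and the address `http://192.168.0.1` are assumptions made for illustration.

```python
import hmac
from urllib.parse import urlsplit

# Methods treated as read-only. This only holds if the application never
# changes settings in response to them (assumption of this example).
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def source_origin(headers):
    """Return scheme://host[:port] taken from Origin, else Referer, else None."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    value = h.get("origin") or h.get("referer")
    if not value or value == "null":  # "null" is sent for opaque origins
        return None
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def allow_request(method, headers, session_token, submitted_token, allowed_origins):
    """Decide whether a request to the admin interface may be processed."""
    if method.upper() in SAFE_METHODS:
        return True
    # 1. The request must come from a page served by the interface itself.
    origin = source_origin(headers)
    if origin is None or origin not in allowed_origins:
        return False
    # 2. The form must carry the secret token bound to the logged-in session,
    #    which a page on another site cannot read.
    if not session_token or not submitted_token:
        return False
    return hmac.compare_digest(session_token.encode(), submitted_token.encode())


def demo():
    """Run the check over constructed sample requests (not captured traffic)."""
    allowed = {"http://192.168.0.1"}  # assumed management address
    token = "constructed-session-token"
    samples = [
        ("POST", {"Origin": "http://192.168.0.1"}, token),          # same-site form
        ("POST", {"Origin": "http://other-site.example"}, token),   # cross-site form
        ("POST", {"Referer": "http://192.168.0.1/page"}, ""),       # token missing
        ("POST", {}, token),                                        # no source header
    ]
    return [allow_request(m, h, token, t, allowed) for m, h, t in samples]


if __name__ == "__main__":
    print(demo())
```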
