This weekend I had the opportunity to perform some security tests on the Ubee EVW3200, a commonly used cable modem/router in the Netherlands. And yes, I do hate WPS-enabled devices!

Multiple vulnerabilities were discovered in this modem/router:

  1. Multiple Cross Site Request Forgery vulnerabilities (only one is shown in the video).
  2. Multiple Persistent Cross Site Scripting vulnerabilities.

Multiple Cross Site Request Forgery vulnerabilities

The video shows a CSRF attack which disables the firewall settings; however, it was also found possible to perform many other actions using this type of attack. Another example is a factory reset of the device.
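For the defensive side, the following added example (not code from the device or its vendor) sketches the server-side check that stops this class of request: every state-changing admin action, such as a firewall change or factory reset, must carry a session-bound token and come from the admin interface's own origin. The function names, the `csrf_token` field, the session id and the `192.168.0.1` host are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: a random secret generated by the admin web server at boot.
SERVER_KEY = secrets.token_bytes(32)
# Safe methods must never change settings; state changes go through POST only.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session_id: str) -> str:
    """Token embedded in every admin form, bound to the logged-in session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict, host: str) -> bool:
    """Origin (or Referer as fallback) must name the admin interface itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sends neither header
    return urlsplit(source).netloc == host


def allow_request(method: str, headers: dict, session_id: str,
                  form: dict, host: str) -> bool:
    """Decide whether an authenticated admin request may be processed."""
    if method.upper() in SAFE_METHODS:
        return True
    if not same_origin(headers, host):
        return False  # request was triggered from another site
    supplied = str(form.get("csrf_token", ""))
    expected = issue_token(session_id)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(supplied.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    sid, host = "constructed-session-1", "192.168.0.1"
    token = issue_token(sid)
    cases = {
        "own form": ({"Origin": "http://192.168.0.1"}, {"csrf_token": token}),
        "cross-site, no token": ({"Origin": "http://other-site.example"}, {}),
        "own origin, no token": ({"Origin": "http://192.168.0.1"}, {}),
    }
    for name, (headers, form) in cases.items():
        print(name, "->", allow_request("POST", headers, sid, form, host))
```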
