imge
Get Started!

Securin Zero-Days

CVE-2016-11015 – Cross-Site Request Forgery in Netgear Router

Severity:High

Vendor

NetGear

Affected Product

JNR1010_firmware

CVE

CVE-2016-11015

Securin ID

2016-CSW-01-1016

Status

Fixed

Date

October 28, 2015

Description

A Cross-site request forgery vulnerability was identified on NETGEAR JNR1010 devices before 1.0.0.32 allow cgibin/webprocCSRFviathe: InternetGatewayDevice. X_TWSZCOM_URL_Filter.BlackList.1.URL parameter. This vulnerability is due to insufficient CSRF protections for the web UI on an affected device.

Proof of Concept (POC):

We created a forged request by changing the value of any variable. In InternetGatewayDevice.X_TWSZ-COM_URL_Filter.BlackList.1 variable in the URL http://router-ip/cgi-bin/webproc was sent to the victim by forcing him/her to click on the malicious link generated by an attacker. With different sessions, it allows the attacker to change the settings of the victim’s router.

Figure 01: Blocked site keywords before the CSRF request was sent to the victim.

 
Figure 02: CSRF Request is created by changing the Blocklist URL variable.

 

Figure 03: CSRF request is successfully submitted in the victim’s browser.

Note: Similarly, we can manipulate any request and can force the victim to access the link generated by the attacker to make changes to the router settings without the victim’s knowledge.

Impact

An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.

Remediations

Download the latest updated firmware and update it as per vendor advisory.

Timeline

Oct 28, 2015: Discovered vulnerability in Netgear Router Firmware Version 1.0.0.24
Oct 28, 2015: Reported to vendor.
Nov 03, 2015: Netgear’s technical team address the issue after follow-up
Dec 13, 2015: Vulnerability got fixed
Dec 30, 2015: Updated Netgear Router JNR1010 version 1.0.0.32 was released

Let Securin level up your security posture!

START NOW