Exploits / Vulnerability Discovered : 2018-05-10
Type : webapps
Platform : hardware
This exploit / vulnerability, Fastweb FASTgate 0.00.47 cross-site request forgery, is for educational purposes only; if you use it, you do so at your own risk!
I DESCRIPTION
========================================================================
An issue was discovered in the Fastweb FASTgate 0.00.47 device. A cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify the configuration. This vulnerability may lead to Guest Wi-Fi activation, Wi-Fi password changes, etc.
The vulnerability was disclosed to Fastweb on 19 January 2018.
Fastweb independently patched customer devices with the non-vulnerable version .67 from December 2017 through March 2018.
II PROOF OF CONCEPT
========================================================================