Teradek Cube Cross-Site Request Forgery Vulnerability in Version 7.3.6

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in Teradek Cube firmware version 7.3.6. It allows an attacker to change the administrative password because the device accepts the password change request without validating where it came from. By hosting a web page with a hidden, auto-submitting form, the attacker can make a victim's browser post a password change request to the device's system configuration interface. The flaw exists because the interface does not perform adequate validity checks on state-changing HTTP requests (nothing ties the request to a page the device itself served), so when a logged-in administrator visits the malicious page, the browser attaches that administrator's session and the action executes with administrative privileges.

Impact

Exploitation of this vulnerability leads to an unauthorized password change: the attacker sets a password they know, gaining administrative access to the affected device and locking the legitimate administrator out until the password is reset.

Reproduction

To reproduce this vulnerability, a user who is logged in to the device's web interface must be tricked into visiting a malicious web page containing a hidden form. The form targets the device's system configuration interface and carries the new password, a confirmation of the new password, the username 'admin', and the action command that changes the password. When the form is submitted (typically by script as soon as the page loads), the browser sends the request with the victim's existing session and the device changes the password without validating the request's origin. Two conditions must hold: the victim's browser must have an authenticated session with the device, and the device must be reachable from that browser, which for a Cube usually means the victim is on the same network as the device.
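The advisory states that the configuration interface performs no adequate validity check on the request. The following Python is an added example, not code from the advisory or from Teradek, showing the server-side validation such a password-change handler needs: an Origin/Referer allowlist plus a per-session synchronizer token, applied to the fields the advisory says the forged form carries. It then runs a constructed cross-site submission, a same-origin submission without a token, and a legitimate submission through that check. The device address, the form field names and the action value are assumptions; the advisory gives none of them.

```python
import hmac
import secrets
from typing import Mapping, MutableMapping, Optional
from urllib.parse import urlsplit

# Assumption: the device is reached at this address. A real handler would derive the
# trusted origin from the Host it was configured with rather than a fixed constant.
TRUSTED_ORIGINS = {"http://192.0.2.10", "https://192.0.2.10"}

# Assumption: the value of the "action" field that triggers a password change.
# The advisory only says the form carries an action command.
ACTION_CHANGE_PASSWORD = "changepw"


def issue_csrf_token(session: MutableMapping[str, str]) -> str:
    """Mint a per-session synchronizer token. The device's own pages embed it in
    a hidden field; an attacker's page cannot read it cross-origin."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def request_origin(headers: Mapping[str, str]) -> Optional[str]:
    """scheme://host[:port] of the sender. Origin is preferred (browsers set it on
    every cross-origin POST); Referer is the fallback; None if neither is present."""
    origin = headers.get("Origin")
    if origin:
        return origin
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def validate_password_change(headers: Mapping[str, str], form: Mapping[str, str],
                             session: Mapping[str, str]) -> Optional[str]:
    """Return None when the request may proceed, otherwise the rejection reason.
    Every check fails closed: a request with no provenance information is refused."""
    if request_origin(headers) not in TRUSTED_ORIGINS:
        return "cross-site or unknown origin"
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return "missing or invalid CSRF token"
    if form.get("action") != ACTION_CHANGE_PASSWORD:
        return "unexpected action"
    if form.get("new_password") != form.get("confirm_password"):
        return "password confirmation mismatch"
    return None


def forged_form_fields(new_password: str) -> dict:
    """Constructed: what the hidden form described in the advisory would POST
    (field names assumed). There is no token, because the attacker never sees one."""
    return {
        "username": "admin",
        "new_password": new_password,
        "confirm_password": new_password,
        "action": ACTION_CHANGE_PASSWORD,
    }


def forged_request_result() -> Optional[str]:
    """Cross-site submission: the victim's browser labels it with the attacker's
    Origin, so the origin check alone rejects it."""
    session = {"user": "admin"}
    issue_csrf_token(session)
    headers = {"Origin": "http://attacker.example",
               "Content-Type": "application/x-www-form-urlencoded"}
    return validate_password_change(headers, forged_form_fields("pwned"), session)


def tokenless_same_origin_result() -> Optional[str]:
    """A request that carries the right origin (for example replayed by a
    non-browser client) still fails without the session's token."""
    session = {"user": "admin"}
    issue_csrf_token(session)
    headers = {"Origin": "http://192.0.2.10"}
    return validate_password_change(headers, forged_form_fields("pwned"), session)


def legitimate_request_result() -> Optional[str]:
    """The device's own page submits the same fields plus the token it was served."""
    session = {"user": "admin"}
    token = issue_csrf_token(session)
    headers = {"Origin": "http://192.0.2.10"}
    form = dict(forged_form_fields("N3w-Str0ng-Pass"), csrf_token=token)
    return validate_password_change(headers, form, session)


if __name__ == "__main__":
    print("forged cross-site:     ", forged_request_result())
    print("same-origin, no token: ", tokenless_same_origin_result())
    print("legitimate:            ", legitimate_request_result())
```

The origin check on its own already defeats the hidden-form attack, because a browser always stamps a cross-origin form POST with the attacker's Origin and a plain HTML form cannot alter it; the token is the defence that survives clients which omit or forge the header. For a password change specifically, requiring the current password in the same request is a further check worth adding, since an attacker's page cannot supply it.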

Added: Dec 24, 2025, 8:36 PM
Updated: Dec 24, 2025, 9:41 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.7
remediation     0.0
relevance       1.5
threat          6.4
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.