Edimax EW-7438RPn Cross-Site Request Forgery Vulnerability in MAC Filtering

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in version 1.13 of the Edimax EW-7438RPn Mini Wi-Fi extender. It allows an attacker to change the MAC filtering settings by tricking a user into adding unauthorized MAC addresses to the device's filtering rules without their knowledge. The flaw is in the MAC filtering configuration interface, which a crafted web page can target.

Impact

Exploitation of this vulnerability allows for unauthorized modification of MAC filtering rules, potentially leading to unauthorized network access or disruption of network services.

Reproduction

To reproduce this vulnerability, a CSRF exploit can be crafted that targets the MAC filtering configuration interface. The exploit must be delivered to the user in a way that tricks them into submitting the form without their consent. This can be done by hosting the exploit on a malicious web page that the user is likely to visit. Once the page is loaded, the form is automatically submitted, adding the specified MAC address to the device's filtering rules.
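
The defensive counterpart to the forged submission described above, as an added example that is not Edimax firmware code and not part of the original advisory: a server-side check that refuses a MAC filter change unless the request comes from the device's own origin and carries the session's anti-CSRF token. The host name, the form field names ("mac", "csrf_token") and the token value are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def source_host(headers):
    """Host[:port] the browser reports as the request's source, or None."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            # "Origin: null" (sandboxed or opaque origin) has no netloc.
            return urlsplit(value).netloc.lower() or None
    return None

def allow_request(method, headers, form, session_token):
    """Return (allowed, reason) for a request to the settings interface."""
    if method.upper() not in STATE_CHANGING:
        return True, "read-only request"
    src = source_host(headers)
    if src is None or src != headers.get("Host", "").lower():
        return False, "cross-origin or unknown source"
    sent = form.get("csrf_token", "")
    # Constant-time comparison; an empty session token never matches.
    if not session_token or not hmac.compare_digest(
            sent.encode(), session_token.encode()):
        return False, "missing or wrong anti-CSRF token"
    return True, "ok"

# Constructed sample requests: (method, headers, form fields).
TOKEN = "3f9a1c7e5b2d4086"  # hypothetical per-session token
LEGIT = ("POST", {"Host": "extender.lan", "Origin": "http://extender.lan"},
         {"mac": "02:00:00:aa:bb:cc", "csrf_token": TOKEN})
FORGED = ("POST", {"Host": "extender.lan", "Origin": "http://other.example"},
          {"mac": "02:00:00:dd:ee:ff"})
NO_TOKEN = ("POST", {"Host": "extender.lan",
                     "Referer": "http://extender.lan/settings"},
            {"mac": "02:00:00:dd:ee:ff"})
NO_SOURCE = ("POST", {"Host": "extender.lan"},
             {"mac": "02:00:00:dd:ee:ff", "csrf_token": TOKEN})

if __name__ == "__main__":
    for name, req in [("legit", LEGIT), ("forged", FORGED),
                      ("no token", NO_TOKEN), ("no source", NO_SOURCE)]:
        print(name, allow_request(*req, TOKEN))
```

Only the same-origin request with a matching token is accepted; the auto-submitted cross-site form fails the origin check before the token is even examined.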

Added: Feb 3, 2026, 10:35 PM
Updated: Feb 3, 2026, 10:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 0.6
exploitability: 7.0
remediation: 0.0
relevance: 2.7
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.