Ubee EVW327 Cross-Site Request Forgery Vulnerability Allowing Unauthorized Remote Access
Vulnerability
A cross-site request forgery (CSRF) vulnerability has been identified in the Ubee EVW327 router. This vulnerability allows attackers to enable remote access without user interaction. By crafting a malicious webpage that automatically submits a form, attackers can enable the router's remote access on port 8080 without the user's consent.
Impact
Exploitation of this vulnerability allows for unauthorized remote access to the router, potentially leading to further attacks or unauthorized changes to the router's configuration.
Reproduction
To exploit this vulnerability, an attacker can create a webpage that includes a form targeting the router's management interface. The form submits a request that enables remote access, specifies port 8080, and includes an action to apply the changes. Once the form is submitted, the router updates the remote access settings without the user's consent.
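The check below is an added example, not code from this advisory or from Ubee: it shows the kind of server-side origin validation that rejects an auto-submitted cross-site form before it reaches a settings handler. The address `192.168.0.1`, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed value: the origin the admin UI is served from (assumed LAN address).
TRUSTED_ORIGINS = {("http", "192.168.0.1", 80)}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumes settings changes are POST-only


def origin_of(url):
    """Return (scheme, host, port) for an http(s) URL, or None if unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname.lower(),
            port or (443 if parts.scheme == "https" else 80))


def allow_request(method, headers, trusted=TRUSTED_ORIGINS):
    """Return True if the request may reach a state-changing handler."""
    if method.upper() in SAFE_METHODS:
        return True
    h = {k.lower(): v for k, v in headers.items()}
    # Current browsers send Origin on cross-site form POSTs; fall back to Referer.
    source = h.get("origin") or h.get("referer")
    if not source:
        return False  # fail closed when the submitting page is unknown
    return origin_of(source) in trusted


# Constructed sample requests (method and headers only).
SAMPLES = [
    ("admin UI form", "POST", {"Origin": "http://192.168.0.1"}),
    ("auto-submitted form on another site", "POST", {"Origin": "http://example.test"}),
    ("sandboxed frame", "POST", {"Origin": "null"}),
    ("no origin information", "POST", {}),
    ("Referer only", "POST", {"Referer": "http://192.168.0.1/"}),
]

if __name__ == "__main__":
    for label, method, headers in SAMPLES:
        verdict = "allow" if allow_request(method, headers) else "reject"
        print(f"{verdict:6} {label}")
```

A per-session anti-CSRF token embedded in each settings form is the usual companion control to this header check.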
