Think Router Tk-Rt-Wr135G Authentication Bypass Vulnerability via Crafted Cookie
Vulnerability
An authentication bypass vulnerability has been identified in the Think Router model Tk-Rt-Wr135G, specifically in firmware version 3.0.2-X000. This vulnerability allows attackers to bypass the login form by manipulating the LoginStatus cookie. By changing the cookie's value from 'false' to 'true', an attacker can gain unauthorized access to the router's configuration settings. The exploitation of this vulnerability could lead to various attacks, such as DNS hijacking, unauthorized firmware updates, or sending unauthenticated requests to the router using tools like curl.
Impact
Exploitation of this vulnerability could allow for unauthorized access to the router's configuration, potentially leading to DNS hijacking, unauthorized firmware updates, or other malicious actions via unauthenticated requests to the router.
Reproduction
The vulnerability can be reproduced by using a web browser's console or a cookie inspector to modify the LoginStatus cookie. Changing the cookie's value from 'false' to 'true' will bypass the authentication process, allowing access to the router's settings.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.