Full Disclosure mailing list archives
Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration
From: David3 <netevil () hackers it>
Date: Sun, 2 Sep 2012 18:47:40 +0200
Ciao Emilio, Is this vulnerability exploitable locally then? My Alice router is not here and I would like to test it...are there any chances to revert the conf from remote with your poc? Thanks! davide Sent from my mobile Il giorno 02/set/2012, alle ore 14:03, Emilio Pinna <emilio.pinn () gmail com> ha scritto:
################# Alice Telecom Italia AGPF ADSL router CSRF reconfiguration ################# ## ABSTRACT An huge number of ADSL broadband Italian users are vulnerable to connection wiretapping and phishing. The most widely distribuited italian ADSL router Alice Gate 2 Plus Voip Wi-Fi (AGPF), produced by Pirelli, suffers a CSRF attack that allows an attacker to modify internal router configuration like DNS servers, traffic routing, VoIP configurations, DHCP parameters, and and other configurations that may lead to a complete takeover of the user's ADSL connection. The technique is also useful to enable hidden feature and telnet/ftp/tftp/web extended admin interface. ## VENDOR: Alice Telecom Italia Modem/Routers manufactered by Pirelli ## MODEL: AGPF[Alice Gate VoIP 2 Plus Wi-Fi] version < 2.6.0 ## PLATFORM: Customized Linux with openrg middleware on Broadcom BCM96348 chipset. ## VULNERABILITY: CSRF and configuration injection via HTTP POST parameter ## EMAIL: emilio.pinn gmail ## AUTHOR: Emilio Pinna ## RISK: high More details are published in Dissecting blog: Introduction: http://disse.cting.org/2012/09/02/alice-gate-agpf-csrf-reconf-vulnerability/ Technical details: http://disse.cting.org/2012/09/02/alice-gate-agpf-csrf-reconf-vulnerability-details/ POC: http://disse.cting.org/codes/alice.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Alice Telecom Italia AGPF ADSL router CSRF reconfiguration Emilio Pinna (Sep 02)
- Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration David3 (Sep 03)
- Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration Emilio Pinna (Sep 03)
- Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration David3 (Sep 03)
- Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration Emilio Pinna (Sep 03)
- Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration David3 (Sep 03)