Full Disclosure mailing list archives
Re: Alice Telecom Italia AGPF ADSL router CSRF reconfiguration
From: Emilio Pinna <emilio.pinn () gmail com>
Date: Sun, 2 Sep 2012 18:50:13 +0200
As the article said, the router is exploitable via a simple HTTP POST, eventually triggerable by a CSRF attack. What do you mean by "revert the conf"? With this method you can change (and so restore) every single configuration aspect of the router.

On Sun, Sep 2, 2012 at 6:47 PM, David3 <netevil () hackers it> wrote:

Hi Emilio,

Is this vulnerability exploitable locally then? My Alice router is not here and I would like to test it... are there any chances to revert the conf from remote with your poc?

Thanks!
davide

Sent from my mobile

On 02/Sep/2012, at 14:03, Emilio Pinna <emilio.pinn () gmail com> wrote:

################# Alice Telecom Italia AGPF ADSL router CSRF reconfiguration #################

## ABSTRACT

A huge number of Italian ADSL broadband users are vulnerable to connection wiretapping and phishing. The most widely distributed Italian ADSL router, Alice Gate 2 Plus Voip Wi-Fi (AGPF), produced by Pirelli, suffers from a CSRF attack that allows an attacker to modify internal router configuration like DNS servers, traffic routing, VoIP configurations, DHCP parameters, and other configurations that may lead to a complete takeover of the user's ADSL connection. The technique is also useful to enable hidden features and the telnet/ftp/tftp/web extended admin interface.

## VENDOR: Alice Telecom Italia Modem/Routers manufactured by Pirelli
## MODEL: AGPF[Alice Gate VoIP 2 Plus Wi-Fi] version < 2.6.0
## PLATFORM: Customized Linux with openrg middleware on Broadcom BCM96348 chipset.
## VULNERABILITY: CSRF and configuration injection via HTTP POST parameter
## EMAIL: emilio.pinn gmail
## AUTHOR: Emilio Pinna
## RISK: high

More details are published in Dissecting blog:

Introduction: http://disse.cting.org/2012/09/02/alice-gate-agpf-csrf-reconf-vulnerability/
Technical details: http://disse.cting.org/2012/09/02/alice-gate-agpf-csrf-reconf-vulnerability-details/
POC: http://disse.cting.org/codes/alice.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/