[ml] Alice Gate2 Plus Wi-Fi Cross-Site Request Forgery Vulnerability

Salve a tutti
stamane la mailing list di Secunia [1] mi ha informato di una
ÂparticolaritÃÂ del modem di alice. Andando poi sul sito dell'autore
dell'advisory [2] si legge quanto segue:
 
> It seems to be possible to disable the wifi encryption using the
> following url:
> http://192.168.1.1/cp06_wifi_m_nocifr.cgi?wlChannel=Auto&wlRadioEnable=on
>  
>  
> This can be done because there is no authentication scheme to access
> the admin panel of the modem,
> everyone can access it.
>  
> Common scenario:
> The attacker sends to the victim (using emails, IM or IRC) the
> malicious link and with some social techs
> makes the victim click on it.
> After this, the attacker can access the victim's wlan that is now open
> to everybody.
> Other devices of the same family could be vulnerable too but I did not
> test it.

Non à certo _gravissimo_ ma per lo meno à fastidioso, che ne pensate?
Altri dispositivi della stessa famiglia hanno questa Âcaratteristica ?

Noiano

[1] http://secunia.com/advisories/28618/
[2] http://vx.org.ua/wargamevx/

Attachment: signature.asc
Description: OpenPGP digital signature