CVE-2012-1922

 1title: CVE-2012-1922
 2status: experimental
 3description: Detection of CVE-2012-1922 observed from our Honeypots
 4references:
 5  - http://www.webapp-security.com/2012/03/sitecom-wlm-2501-multiple-csrf-vulnerabilities
 6  - https://www.exploit-db.com/exploits/18651
 7author: Loginsoft Research Unit
 8date: 2021/09/01
 9logsource:
10  product: Sitecom WLM-2501
11  category: Router
12detection:
13  selection:
14    c-uri: "/goform/formWsc"
15    cs-method: "POST"
16  keywords1:
17    - "submit-url=/wlwps.asp"
18    - "resetUnCfg=0"
19    - "setPIN=Start PIN"
20    - "configVxd=off"
21    - "resetRptUnCfg=0"
22    - "peerRptPin="
23  keywords2:
24    - "wget"
25    - "curl"
26  condition: selection and keywords1 and keywords2
27level: High

References

• Sitecom WLM-2501 new Multiple CSRF Vulnerabilities

  The web interface of this router is affected by multiple CSRF vulnerabilities which allows to change the following device’s parameters: Disable Mac Filtering Disable/Modify IP/Port Filtering Disabl...

  
  Read More

• OffSec’s Exploit Database Archive

  

  Sitecom WLM-2501 - Multiple Cross-Site Request Forgery Vulnerabilities. CVE-80538CVE-2012-1922CVE-2012-1921 . webapps exploit for ASP platform

  
  Read More