The CGI scripts in the WBR-1310 (firmware v.2.00) do not validate
authentication credentials. Administrative settings can be changed by
sending the appropriate HTTP request directly to a CGI script without
authenticating to the device.

The following request will change the administrative password to 'hacked'
and enable remote administration on port 8080:*&hport=8080&hEnable=1

Even if remote administration is not enabled, any Web page that an internal
user browses to can change the administrator password and enable remote
administration via a hidden image tag embedded in the page. No JavaScript
is required.

Newer versions of the WBR-1310 firmware are not vulnerable, but since
version 2.00 is the default firmware, most WBR-1310 routers are still
running it.
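
One way to spot such requests in web proxy logs, as an added example that is
not part of the original advisory: it flags requests to a private address that
carry the hport/hEnable parameters named above and rates them by Referer. The
log layout, hosts and the placeholder.cgi path are assumptions constructed for
illustration.

```python
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed proxy-log records: client, method, URL, Referer (tab-separated).
# Hosts, paths and layout are made up; only the hport/hEnable parameter
# names come from the advisory.
SAMPLE_LOG = """\
192.168.0.23\tGET\thttp://192.168.0.1/placeholder.cgi?hport=8080&hEnable=1\thttp://news.example.net/story.html
192.168.0.23\tGET\thttp://192.168.0.1/placeholder.cgi?hport=8080&hEnable=1\thttp://192.168.0.1/admin.htm
192.168.0.40\tGET\thttp://www.example.org/index.html?hEnable=1\t-
192.168.0.40\tGET\thttp://192.168.0.1/status.htm\thttp://news.example.net/story.html
"""


def is_private_host(host):
    """True when host is a literal private (RFC 1918 etc.) IP address."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # a DNS name, not an IP literal
        return False


def classify(line):
    """Return a finding dict for a remote-admin change request, else None."""
    client, method, url, referer = line.split("\t")
    target = urlsplit(url)
    params = parse_qs(target.query)
    if not is_private_host(target.hostname or ""):
        return None
    if "hport" not in params and params.get("hEnable") != ["1"]:
        return None
    ref_host = None if referer == "-" else urlsplit(referer).hostname
    # A Referer on another origin means some other page triggered the
    # request, as with the hidden image tag; no Referer means a direct request.
    severity = "review" if ref_host == target.hostname else "alert"
    return {"client": client, "router": target.hostname,
            "referer_host": ref_host, "severity": severity}


def scan(log_text):
    """Classify every log line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because firmware 2.00 does not check credentials, a "review" result still
deserves a look; it only means the request came from the router's own pages.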