|reply to koolkid1563 |
Re: 2Wire Cross Site Request Forgery Vulnerability
said by "kookid1563" :agreed. you can change the wireless settings (SSID, change to WEP OR WPA or unsecured, or jsut change the passphrase for each) , change firewall settings, disable interfaces, reboot, etc. There's many hidden pages that you can't find through the interface if you just go up sequentially through the A, H, J, etcetera pages.
I have done this on my 2wire 3800HGV-B with firmware version 220.127.116.11 and it works. There is more that can be done than just changing the password and maybe adding a DNS redirect in the resolve page. I have been able to figure out the URL commands using the POST and SET pages to control almost every setting of the RG.