Y
Hacker News
new
|
ask
|
show
|
jobs
by
amluto
742 days ago
Some CPE exposes an API on the LAN side, and some of these APIs aren’t protected against CSRF. I wonder whether the modem in question is vulnerable.
1 comments
mh-
742 days ago
Browser security enhancements have made enumerating those a lot more difficult, but a quick google suggests there were still tricks to achieve DNS rebinding as recently as 2023. Very possible.
link
amluto
742 days ago
I can probably guess a cable modem’s IP address and a crappy CPE router’s IP address in one guess each. Enumeration isn’t usually the problem.
link