Y
Hacker News
new
|
ask
|
show
|
jobs
by
prez
4452 days ago
Doesn't the target need to have an active router admin session for the CSRF to work?
Unless I'm missing something...
2 comments
pizzeys
4452 days ago
I don't know about this specific bug, but there have been consumer routers bugs before (Netgear specifically) where not only were they vulnerable to CSRF, but authentication bypass at the same time if the request was crafted carefully.
link
bartbes
4452 days ago
UPnP is made to have application automatically open ports without being logged into the web config.
link