Article by Eugene Dokukin (AKA MustLive)
Almost all network devices are vulnerable to CSRF due to misunderstanding of this threat by developers of such devices. So attackers can conduct remote CSRF attacks on network devices, such as routers, Wi-Fi Access Points and others, to do many different nasty things.
Attackers can DoS them, disable different functionalities and change different settings, which allows them to take devices under full control (and take control on the user\s’ traffic through these devices).
Such vulnerabilities exist in different network devices, such as Iskra Callisto 821+, D-Link DSL-500T ADSL Router and D-Link DAP 1150, vulnerabilities in which I’ve found and disclosed at my site. And by using CSRF attacks on these vulnerabilities the attacker can receive full control of these devices.
Developers of network devices don’t attend enough to security (vulnerabilities in such devices are found all the time), especially CSRF, because they think that devices will reside in a LAN and will not accessible from Internet.
But it’s not true, when such devices resides in a LAN, which has computers with access to Internet (CSRF attacks can be conducted via the browsers of the users at these computers).
Not to mention that there is also a threat of local attacks – from malicious local attackers or viruses – so developers should not leave their devices with remote or local vulnerabilities. For example routers and ADSL modems, which allow users to access the Internet, are typically affected devices.
These can be attacked remotely via CSRF from the Internet. For external attackers the most interest represent such network devices as routers and other devices with router-functionality (ADSL modems, Wi-Fi Access Points, etc.).
Because it’s possible to setup these devices in such way, that attacker will take control of the traffic – all traffic (such as DNS requests) will be send via his own server, allowing him to sniff confidential data and conduct phishing attacks on all users in a LAN who are using these devices to access the Internet.
Download the full Understanding CSRF Attacks white paper here: