# Exploit Title: Beetel TC1-450 Airtel Wireless Router - Multiple CSRF Vulnerabilities
# Date: 12/13/2013
# Author: SaMaN ( @samanL33T )
# Vendor Homepage: http://www.beetel.in/node/10139
# Category: Hardware/Wireless Router
# Firmware Version: TM4-0Q-020 and below
# Tested on: Beetel 450-TC1 Wireless Router
# Patch/Fix: Upgrade to latest firmware version / move to Beetel 450-TC2
---------------------------------------------------

Technical Details
~~~~~~~~~~~~~~~~~

The Beetel 450-TC1 Wireless Router has a Cross-Site Request Forgery vulnerability in its Web Console.
An attacker can easily change the wireless password, reboot the router, reset the router, or change the router's admin password simply by making the user visit a CSRF link.

Exploit Code
~~~~~~~~~~~~

Change Wifi (WPA2/PSK) password by CSRF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Factory Reset Router Settings by CSRF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Change Router's Admin Password by CSRF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Restart Router by CSRF
~~~~~~~~~~~~~~~~~~~~~~

--
SaMaN
twitter : @samanL33T