Path: blob/master/modules/exploits/router/tplink_dns_csrf/config.yaml
1895 views
#1# Copyright (c) 2006-2026 Wade Alcorn - [email protected]2# Browser Exploitation Framework (BeEF) - https://beefproject.com3# See the file 'doc/COPYING' for copying permission4#5# References:6# CVE-2013-26457# http://securityevaluators.com/knowledge/case_studies/routers/tp-link_wr1043n.php8# http://www.jakoblell.com/blog/2013/10/30/real-world-csrf-attack-hijacks-dns-server-configuration-of-tp-link-routers-2/9# http://news.softpedia.com/news/Cybercriminals-Exploit-TP-Link-Router-CSRF-Vulnerabilities-to-Hijack-DNS-Settings-395545.shtml10#11beef:12module:13tplink_dns_csrf:14enable: true15category: ["Exploits", "Router"]16name: "TP-Link DNS Hijack CSRF"17description: "Attempts to change the DNS setting on a TP-Link router (WR1043ND, TL-MR3020, TL-WDR3600).<br/><br/>The browser must be have an authenticated session on the router.<br/><br/>The list of affected devices includes:<br/>TP-Link WR1043ND V1 up to firmware version 3.3.12 build 120405<br/>TP-Link TL-MR3020 firmware version 3.14.2 Build 120817 Rel.55520n and version 3.15.2 Build 130326 Rel.58517n<br/>TL-WDR3600 firmware version 3.13.26 Build 130129 Rel.59449n and version 3.13.31 Build 130320 Rel.55761n.<br/><br/>This module has not been tested."18authors: ["Jakob Lell", "Jacob Holcomb"]19target:20unknown: ["ALL"]212223