Actiontec CSRF

Actiontec CSRFInteresting vulnerability found in the¬†Actiontec MI424WR-GEN3I router by Jacob Holcomb of Independent Security Evaluators. The vulnerability is a CSRF that easily allows you to add administrator users and enable remote administration simply by crafting some HTML and pointing a browser in the router’s network to it.

Details for how to do this can be found here.