Category: CSRF

RouterCheck now detects the “Kafeine Vulnerability”

Security researcher Kafeine recently discovered a web-based attack tool that hackers have been using to compromise home routers. The attack utilizes Cross-Site Request Forgery (CSRF) vulnerabilities that are present in many popular routers. The list of affected router vendors includes: ASUS, Belkin, D-Link, Edimax, Linksys, Medialink, Microsoft, Netgear, Tenda, TP-Link, Trendnet, ZyXEL. The attack modifies the […]

Vulnerability in Motorola Modem/Router

A new CSRF vulnerability has been discovered in the Motorola SBG901 SURFBoard modem/router. The device has a flaw whereby a hacker can change its administrator login credentials or DNS settings simply by having the device’s owner click on a well-crafted malicious link. Motorola is aware of the issue, but will not fix it due to […]

BrightBox Vulnerabilities

Scott Helme, a blogger from the UK, has warned of multiple vulnerabilities with BrightBox, a router that’s standard equipment for subscribers to the UK’s EE telecom service. He found that the device leaked sensitive information such as WPA encryption keys, passwords and ISP user credentials. Hackers might also have the ability to change a router’s DNS […]


There’s a great analysis of a newly discovered CSRF vulnerability in certain models of TP-LINK routers. This analysis explains what the vulnerability is, what it could affect, how to detect it, and how it could be exploited. A CSRF attack is often used by hackers to attack routers passively without having to directly touch them. […]

Actiontec CSRF

Interesting vulnerability found in the Actiontec MI424WR-GEN3I router by Jacob Holcomb of Independent Security Evaluators. The vulnerability is a CSRF that easily allows you to add administrator users and enable remote administration simply by crafting some HTML and pointing a browser in the router’s network to it. Details for how to do this can be found […]