← Advisories

Teradek Cube 7.3.6 CSRF Change Password Exploit

Medium
Advisory ID
ZSL-2018-5464
Release Date
21 May 2018
Vendor
Teradek, LLC - https://www.teradek.com
Affected Version
Firmware Version: 7.3.6 (build 26850), Hardware Version: 1.5, Teradek Firmware Version 7.3.15
CVE
CVE-2018-25156
Tested On
lighttpd/1.4.31
Summary

Cube packs world-class video quality into a rugged, portable chassis for quick IP video deployments at any location. Each encoder and decoder includes HDMI and 3G-SDI I/O, Ethernet / WiFI connectivity, and full duplex IFB.

Description

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept
teradek_cube_csrf.htmlTXT
Disclosure Timeline
02.03.2018Vulnerability discovered.
08.05.2018Vendor contacted.
08.05.2018Vendor replied asking more details.
08.05.2018Sent details to the vendor.
10.05.2018Asked vendor for status update.
13.05.2018No response from the vendor.
14.05.2018Asked vendor for status update.
20.05.2018No response from the vendor.
21.05.2018Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://exchange.xforce.ibmcloud.com/vulnerabilities/143727
[2]https://packetstormsecurity.com/files/147792
[3]https://www.exploit-db.com/exploits/44675/
[4]https://cxsecurity.com/issue/WLB-2018050173
[5]https://www.cve.org/CVERecord?id=CVE-2018-25156
Changelog
21.05.2018Initial release
29.05.2018Added reference [1], [2], [3] and [4]
23.03.2026Added reference [5]