← Advisories

Ecessa ShieldLink SL175EHQ 10.7.4 CSRF Add Superuser Exploit

Medium

Advisory ID

ZSL-2018-5476

Release Date

24 June 2018

Vendor

Ecessa Corporation - https://www.ecessa.com

Affected Version

10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24

CVE

CVE-2018-25150

Tested On

lighttpd/1.4.35

Summary

Ecessa's ShieldLink 60, 175, 600,1200 & 4000 are advanced, yet highly affordable secure WAN Optimization Controllers that incorporate all of the ISP/WAN link.

Description

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Proof of Concept

ecessa_shieldlink_csrf.htmlTXT

Disclosure Timeline

21.05.2018Vulnerability discovered.

21.05.2018Contact with the vendor.

23.06.2018No response from the vendor.

24.06.2018Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://exchange.xforce.ibmcloud.com/vulnerabilities/145437

[2]https://packetstormsecurity.com/files/148304

[3]https://cxsecurity.com/issue/WLB-2018060287

[4]https://www.exploit-db.com/exploits/44938/

[5]https://www.cve.org/CVERecord?id=CVE-2018-25150

Changelog

24.06.2018Initial release

11.07.2018Added reference [1], [2], [3] and [4]

23.03.2026Added reference [5]