Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery

Title: Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Cross-Site Request Forgery
Advisory ID: ZSL-2019-5502
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 05.01.2019
Summary
The Leica GR10 is the next generation GNSS reference station receiver that combines the latest state-of-the-art technologies with a streamlined 'plug and play' workflow. Designed for a wide variety of GNSS reference station applications, the Leica GR10 offers new levels of simplicity, reliability and performance.
Description
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
Vendor
Leica Geosystems AG - https://www.leica-geosystems.com
Affected Version
4.30.063
4.20.232
4.11.606
3.22.1818
3.10.1633
2.62.782
1.00.395
Tested On
BarracudaServer.com (WindowsCE)
Vendor Status
N/A
PoC
leica_csrf.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] https://www.exploit-db.com/exploits/46090
[2] https://packetstormsecurity.com/files/151040
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/155275
Changelog
[05.01.2019] - Initial release
[14.01.2019] - Added reference [1], [2] and [3]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk