Vulnerability Title: Open Redirect in formALGSetup Function in BR-6208AC_V2_1.03 Firmware
Discovered by: tzh00203
Contact Information: [email protected]
Affected Version: BR-6208AC_V2_1.03 firmware
Component: Web-based ALG Configuration (formALGSetup)
An open redirect vulnerability exists in the formALGSetup function of the BR-6208AC_V2_1.03 firmware. It is caused by improper handling of the wlan-url parameter, which allows an attacker to redirect users to arbitrary URLs. An attacker can exploit this flaw with a crafted URL that, when accessed, causes the victim's browser to be redirected to a malicious website.
In the formALGSetup function, the wlan-url parameter is used to perform a redirection after certain configuration changes are made. However, this parameter is not properly validated, which allows attackers to control the redirect destination.
When a user follows a maliciously crafted link, the attacker-chosen value in the wlan-url parameter is submitted to the device. The device then redirects the victim's browser to the attacker's specified URL, potentially leading to phishing attacks, malware distribution, or other malicious activities.
The vulnerability arises from the lack of proper sanitization and validation of the wlan-url input before it is used in the document.location.replace() function, making the device vulnerable to open redirect attacks.

In the code, the formALGSetup function passes the wlan-url parameter directly into the REDIRECT_PAGE function without sanitization or validation. This creates the open redirect vulnerability.
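
One way to close this is to validate wlan-url before it reaches the redirect, accepting only a path on the device itself. The following C check is an added example, not the vendor's firmware code or the reporter's; the function names, the 128-byte length limit and the /index.asp fallback page are assumptions.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical fallback page; the firmware's real default page is not
 * given in the advisory. */
#define FALLBACK_PAGE "/index.asp"
#define MAX_REDIRECT_LEN 128   /* assumed upper bound for a local page path */

/* Returns 1 only if url is a path on this device that is also safe to place
 * inside the JavaScript string given to document.location.replace(). */
int is_local_redirect(const char *url)
{
    size_t i, len;

    if (url == NULL)
        return 0;
    len = strlen(url);
    if (len == 0 || len > MAX_REDIRECT_LEN)
        return 0;
    /* Require a rooted path. This rejects "http://...", "javascript:..."
     * and any other value that starts with a scheme or host name. */
    if (url[0] != '/')
        return 0;
    /* Browsers resolve "//host" and "/\host" to a different origin. */
    if (url[1] == '/' || url[1] == '\\')
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)url[i];
        /* Control bytes, space and non-ASCII: browsers strip tabs and
         * newlines, which would turn "/<TAB>/host" into "//host". */
        if (c <= 0x20 || c >= 0x7f)
            return 0;
        /* Characters that could end the JS string or the script block. */
        if (strchr("\"'<>\\`", c) != NULL)
            return 0;
    }
    return 1;
}

/* Value to hand to the redirect helper: the validated wlan-url, or the
 * fixed fallback page when validation fails. */
const char *safe_redirect_target(const char *wlan_url)
{
    return is_local_redirect(wlan_url) ? wlan_url : FALLBACK_PAGE;
}
```

The check must run on the parameter after the web server has URL-decoded it, so that encoded slashes or quotes cannot bypass it.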

