Vulnerability Title: Open Redirect in formStaDrvSetup Function in BR-6258n v1.18 Firmware
Discovered by: tzh00203
Contact Information: [email protected]
Affected Version: BR-6258n v1.18 firmware
Component: Web-based WLAN Configuration (formStaDrvSetup)
An open redirect vulnerability exists in the formStaDrvSetup function of the BR-6258n v1.18 firmware. This vulnerability arises from improper handling of the submit-url parameter, which allows an attacker to redirect users to arbitrary URLs. An attacker can exploit this flaw by crafting a URL that, when accessed, causes the victim's browser to be redirected to a malicious website.
In the formStaDrvSetup function of the BR-6258n v1.18 firmware, the submit-url parameter is used to perform a redirection after certain configuration changes are made. However, this parameter is not properly validated, which allows attackers to control the redirect destination.
When a user accesses a page with a maliciously crafted URL, the attacker can inject an arbitrary URL into the submit-url parameter. Upon submission, the device will redirect the victim's browser to the attacker's specified URL, potentially leading to phishing attacks, malware distribution, or other malicious activities.
The vulnerability occurs due to the lack of sanitization and validation of the submit-url input before it is passed to functions like websWrite and used for redirection. This oversight makes the device vulnerable to open redirect attacks, as it allows external attackers to manipulate the redirection behavior, leading users to malicious websites.

The code contains a vulnerability due to improper handling of user input in the formStaDrvSetup function, where the submit-url parameter is passed directly into the websWrite function without proper sanitization or validation. This creates an Open Redirect vulnerability.

The submit-url parameter is passed directly from user input to websWrite without proper validation or sanitization.
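
The missing validation described above could look like the following. This is an added example, not code from the BR-6258n firmware or from the reporter. The function names, the 128-byte length limit and the fallback page are assumptions, and it assumes the post-submit redirect only ever needs to target a page on the device itself.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper (not firmware code): accept submit-url only when it
 * is a local absolute path on the device, e.g. "/status.asp" (constructed). */
int is_local_redirect(const char *url)
{
    size_t i, len;

    if (url == NULL)
        return 0;
    len = strlen(url);
    if (len == 0 || len > 128)            /* assumed upper bound */
        return 0;
    if (url[0] != '/')                    /* rejects "http://..." and other schemes */
        return 0;
    if (url[1] == '/' || url[1] == '\\')  /* rejects "//host" and "/\host" */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)url[i];
        if (c < 0x20 || c == 0x7f)        /* CR/LF and other control bytes */
            return 0;
        if (c == '\\' || c == '"' || c == '\'' || c == '<' || c == '>')
            return 0;                     /* could break out of emitted markup */
    }
    return 1;
}

/* Return the value that is safe to hand to the redirect/websWrite step:
 * the caller's submit-url if it is local, otherwise a fixed fallback page. */
const char *choose_redirect(const char *submit_url, const char *fallback)
{
    return is_local_redirect(submit_url) ? submit_url : fallback;
}
```

A handler would call choose_redirect() on the submit-url value before writing any redirect, so a rejected value falls back to a fixed page instead of reaching the response.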