ReadyNet WRT300N-DD Wireless Router, firmware version 1.0.26, uses default credentials, is vulnerable to cross-site request forgery, and uses insufficiently random values for DNS queries.
CWE-255: Credentials Management - CVE-2015-7280
The ReadyNet WRT300N-DD Wireless Router web administration interface uses non-random default credentials of admin:admin. A local area network attacker can gain privileged access to a vulnerable device's web management interfaces or leverage default credentials in remote attacks such as cross-site request forgery.
A remote, unauthenticated attacker may be able to spoof DNS responses to cause WRT300N-DD LAN clients to contact attacker-controlled hosts, or induce an authenticated user to make an unintentional request to the web server that will be treated as an authentic request. A local area network attacker can take complete control of a device using default admin credentials.
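A check an administrator can run over DNS queries captured on the router's upstream side, as an added example that is not part of the original note: it flags a transaction ID or UDP source port that is static or advances by a fixed step. The note does not say which query values are weak, so checking these two fields is an assumption; the function names, threshold and sample data are constructed.

```python
from collections import Counter


def dominant_step(values):
    """Most common difference between consecutive 16-bit values, and its share."""
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    return step, count / len(deltas)


def assess_dns_queries(observations, threshold=0.9, min_samples=8):
    """observations: (udp_source_port, transaction_id) pairs in capture order.

    Returns {field: description} for each field that looks predictable.
    Assumption: these two fields are the ones checked; the advisory names neither.
    Only static and fixed-step patterns are detected, not every weak generator.
    """
    if len(observations) < min_samples:
        raise ValueError("need at least %d queries" % min_samples)
    series = {
        "source_port": [port for port, _ in observations],
        "txid": [txid for _, txid in observations],
    }
    findings = {}
    for field, values in series.items():
        step, share = dominant_step(values)
        if share >= threshold:
            findings[field] = "static" if step == 0 else "fixed step %d" % step
    return findings


# Constructed sample data, not captured from a real device.
PREDICTABLE = [(53000, 0x1000 + i) for i in range(12)]
RANDOMISED = [
    (49213, 0x3A91), (61877, 0xC204), (50342, 0x07EE), (58110, 0x9B3D),
    (52761, 0x41F8), (64020, 0xE512), (49988, 0x6C0B), (55433, 0x1D77),
    (60215, 0xA8C6), (51190, 0xF330), (57604, 0x5E29), (63318, 0x8A4D),
]

if __name__ == "__main__":
    for label, sample in (("predictable", PREDICTABLE), ("randomised", RANDOMISED)):
        print(label, assess_dns_queries(sample) or "no fixed pattern found")
```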
The CERT/CC is currently unaware of a practical solution to this problem. Until these vulnerabilities are addressed, users should consider the following workarounds.
Restrict access and use strong passwords
These vulnerabilities were reported by Joel Land of the CERT/CC.
This document was written by Joel Land.