Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF).
CWE-255: Credentials Management - CVE-2015-5994
Medialink MWN-WAPR300N by default uses the common admin:admin credentials for the web management interface and uses medialink:password for the wireless network. An attacker within range of a wireless network using default settings can connect and gain privileged access to the web management interface. Additionally, default credentials can be leveraged in remote attacks such as cross-site request forgery.
A remote, unauthenticated attacker may be able to induce an authenticated user to make an unintentional request to the web server that will be treated as an authentic request. A LAN-based attacker can bypass authentication to take complete control of a vulnerable device.
The CERT/CC is currently unaware of a practical solution to this problem. Until these vulnerabilities are addressed, users should consider the following workarounds.
Restrict access and use strong passwords
These vulnerabilities were reported by Joel Land of the CERT/CC. Thanks to Mandeep Singh Jadon for reporting the cookie authentication vulnerability in the Tenda N3 Wireless N150 Home Router.
This document was written by Joel Land.