Alice Gate AGPF: CSRF reconfiguration vulnerability

Emilio Pinna, BackBox community member, discover a high severity vulnerability on the router Telecom ADSL Alice Gate VoIP 2 Plus Wi-Fi.

A huge number of ADSL broadband Italian users are vulnerable to connection wiretapping and phishing. The most widely distribuited italian ADSL router Alice Gate 2 Plus Voip Wi-Fi (AGPF), product by Pirelli and based of openrg middleware software, suffers a CSRF attack that allows an attacker to modify internal router configuration like DNS servers, traffic routing, VoIP configurations, DHCP parameters, etc, of a vulnerable user, leading to completely takeover the user ADSL connection. The technique is also useful to enable hidden feature and telnet/ftp/tftp/web extended admin interface.

More info on official blog.

Weevely v0.7 released!

Weevely returns with improved stability, usability and with some delicious network features useful during your penetration testing or simple web shell management.

To download it go to official page or simply upgrade your BackBox and start using it reading with a quick tutorial.

Talk @ Release Party

Raffaele Forte speaker all’evento organizzato a Roma il 2 Luglio da

Il founder del progetto BackBox Linux interverrà in materia di Sicurezza Applicativa con un talk dal titolo "CMS, Analisi automatica delle vulnerabilità".


Subscribe to RSS - blogs