Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Web Caster V130 broadband router firmware version 1.08 and earlier. If a logged-in user visits a malicious webpage created by an attacker, the attacker can cause the router's settings to be changed without the user's consent. [1, 2, 3]

Useful 0 Not Useful 0

Impact Analysis

If you are logged into the Web Caster V130 router's web configuration interface and visit a malicious webpage, an attacker can change your router's settings without your knowledge or consent. This could disrupt your network configuration or affect device functionality. [1, 2, 3]

Useful 0 Not Useful 0

Detection Guidance

You can detect this vulnerability by checking the firmware version of your Web Caster V130 router. Access the router's web interface at http://192.168.100.1/, log in with the username "user" and your configured password, and verify the firmware version displayed at the top left of the settings screen. If the firmware version is 1.08 or earlier, the device is vulnerable. There are no specific network commands provided to detect the vulnerability directly. [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, immediately update the firmware of your Web Caster V130 router to version 1.09 or later. If your device is set to automatic firmware updates, the patch should be applied automatically. If you use manual updates, download and install the latest firmware from the official NTT West or NTT East websites. Additionally, avoid visiting untrusted or malicious web pages while logged into the router's web interface. [1, 2, 3]

Useful 0 Not Useful 0