Talos Vulnerability Report TALOS-2023-1872 Realtek rtl819x Jungle SDK boa CSRF protection cross-site request forgery (CSRF) vulnerability July 8, 2024 CVE Number CVE-2023-47677 SUMMARY A cross-site request forgery (csrf) vulnerability exists in the boa CSRF protection functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted network request can lead to CSRF. An attacker can send an HTTP request to trigger this vulnerability. CONFIRMED VULNERABLE VERSIONS The versions below were either tested or verified to be vulnerable by Talos or confirmed to be vulnerable by the vendor. LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623 Realtek rtl819x Jungle SDK v3.4.11 PRODUCT URLS rtl819x Jungle SDK – https://www.realtek.com/en/ WBR-6013 – https://www.level1.com/level1_en/wbr-6013-n300-wireless-router-54069103 CVSSv3 SCORE 8.8 – CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CWE CWE-352 – Cross-Site Request Forgery (CSRF) DETAILS The rtl819x Jungle SDK is an SDK for routers. This SDK uses as web server boa. This Realtek rtl819x Jungle SDK vulnerability was found while researching the Levelone WBR-6013 router. We are going to explain this vulnerability from the perspective of the WBR-6013 router. The WBR-6013 router has a web server called boa. This web server has a CSRF mechanism that will not allow any API call until an HTML page that contains a form with that endpoint API is loaded. This mechanism does not actually prevent CSRF. Indeed, exploitation of a vulnerability…Read More