CVE-2021-31152

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Multilaser Router AC1200 firmware allows attackers to trick authenticated users into performing unauthorized actions like enabling remote access or changing passwords. It affects users of this specific router model with vulnerable firmware who access the web interface while authenticated.

💻 Affected Systems

Products:
  • Multilaser Router RE018 AC1200
Versions: V02.03.01.45_pt
Operating Systems: Embedded router firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects this specific firmware version. Requires user to be authenticated to router web interface.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains full administrative control of router, enabling remote access, changing credentials, and potentially intercepting all network traffic.

🟠

Likely Case

Attacker enables remote management or changes admin password, gaining persistent access to router configuration.

🟢

If Mitigated

Limited impact with proper CSRF protections and network segmentation in place.

🌐 Internet-Facing: HIGH - Router web interfaces are typically internet-facing, making CSRF attacks feasible from any website.
🏢 Internal Only: MEDIUM - Internal users could still be tricked via malicious internal sites or phishing.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires victim to be logged into router admin interface and visit malicious site. Proof-of-concept code is publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Check vendor website for firmware updates. If unavailable, implement workarounds.

🔧 Temporary Workarounds

Disable Router Web Interface

all

Prevent access to vulnerable web interface by disabling HTTP/HTTPS management

Router-specific: Disable remote management in admin interface
Use CLI if available: no ip http server

Use Browser CSRF Protection

all

Enable browser extensions that block CSRF requests

Install extensions like CSRF Guard or NoScript

🧯 If You Can't Patch

  • Segment router management to isolated VLAN
  • Implement strict same-origin policies via reverse proxy

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is V02.03.01.45_pt, assume vulnerable.

Check Version:

Log in to the router web interface and check the System Information or Firmware version page.

Verify Fix Applied:

Test CSRF protection by attempting to submit form changes from external domain.

📡 Detection & Monitoring

Log Indicators:

  • Multiple configuration changes from same IP in short time
  • Remote management enabled unexpectedly
  • Admin password change without user action

Network Indicators:

  • HTTP POST requests to router admin endpoints with missing Referer headers
  • Cross-origin requests to router IP

SIEM Query:

source_ip=router_ip AND (event_type="config_change" OR event_type="password_change") AND referer_header NOT CONTAINS router_ip
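
The network indicators above, as an added detection sketch (not part of the original advisory or any vendor tooling): it flags POST requests to the router whose Origin/Referer is missing or points at another host, comparing parsed hostnames rather than doing a substring match. The router address, the key=value log format and the admin paths are constructed assumptions.

```python
import shlex
from urllib.parse import urlsplit

ROUTER_HOSTS = {"192.168.0.1"}  # assumption: router management address

# Constructed proxy log lines; format and /admin/... paths are hypothetical.
SAMPLE_LOG = '''\
ts=2021-04-20T10:00:01 client=192.168.0.23 method=POST host=192.168.0.1 path=/admin/password referer="http://192.168.0.1/admin/" origin="http://192.168.0.1"
ts=2021-04-20T10:05:12 client=192.168.0.23 method=POST host=192.168.0.1 path=/admin/remote referer="http://news.example/article" origin="http://news.example"
ts=2021-04-20T10:05:13 client=192.168.0.23 method=POST host=192.168.0.1 path=/admin/password referer="-" origin="-"
ts=2021-04-20T10:06:00 client=192.168.0.23 method=GET host=192.168.0.1 path=/status referer="-" origin="-"
ts=2021-04-20T10:07:30 client=192.168.0.40 method=POST host=192.168.0.1 path=/admin/remote referer="http://192.168.0.1.lab.example/x" origin="-"
'''

def parse_line(line):
    """Split one key=value log line into a dict; '-' means header absent."""
    fields = dict(tok.split("=", 1) for tok in shlex.split(line))
    return {k: (None if v == "-" else v) for k, v in fields.items()}

def source_host(rec):
    """Hostname the request claims to come from: Origin first, then Referer."""
    for header in ("origin", "referer"):
        if rec.get(header):
            return urlsplit(rec[header]).hostname
    return None

def flag_requests(log_text, router_hosts=ROUTER_HOSTS):
    """Return (timestamp, path, reason) for suspicious POSTs to the router."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        # Only state-changing requests aimed at the router are of interest.
        if rec["method"] != "POST" or rec["host"] not in router_hosts:
            continue
        src = source_host(rec)
        if src is None:
            findings.append((rec["ts"], rec["path"], "missing-referer"))
        elif src not in router_hosts:  # exact host match, not "contains"
            findings.append((rec["ts"], rec["path"], f"cross-origin:{src}"))
    return findings

if __name__ == "__main__":
    for finding in flag_requests(SAMPLE_LOG):
        print(*finding)
```

The last sample line shows why a "contains router_ip" test is too loose: the Referer host merely begins with the router address, and only the exact hostname comparison flags it.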
