CVE-2021-47820

Vulnerability

Overview

The Ubee EVW327 router contains a cross-site request forgery (CSRF) vulnerability in its remote access control. The router's web interface does not validate the origin of requests when processing the remote access configuration form. An attacker can craft a malicious HTML page that automatically submits a POST request to the endpoint /goform/UbeeMgmtRemoteAccess with parameters to enable remote access and set the port to 8080 [2][3].

Exploitation

Exploitation requires no authentication from the attacker, but relies on a logged-in router administrator visiting the attacker's page. The attack is performed without user interaction beyond the visit; the malicious form is submitted automatically via JavaScript. The router's default LAN IP (192.168.0.0.1 is used in the exploit, indicating the attack is typically launched from within the local network [3].

Impact

Successful exploitation enables remote administration of the router on TCP port 8080. This exposes the router's management interface to the internet, potentially allowing unauthorized remote attackers to gain full control of the device, modify settings, or intercept traffic. The CVSS v3 base score is 5.3 (Medium), reflecting the need for user interaction and network proximity [1][2].

Mitigation

As of the publication date, no official patch has been announced by Ubee Interactive. Users are advised to disable remote access if not needed, avoid clicking untrusted links while logged into the router, and consider using a firewall to restrict access to the router's management interface [1][2].