Alice Gate AGPF: CSRF reconfiguration vulnerability

Emilio Pinna, BackBox community member, discover a high severity vulnerability on the router Telecom ADSL Alice Gate VoIP 2 Plus Wi-Fi.

A huge number of ADSL broadband Italian users are vulnerable to connection wiretapping and phishing. The most widely distribuited italian ADSL router Alice Gate 2 Plus Voip Wi-Fi (AGPF), product by Pirelli and based of openrg middleware software, suffers a CSRF attack that allows an attacker to modify internal router configuration like DNS servers, traffic routing, VoIP configurations, DHCP parameters, etc, of a vulnerable user, leading to completely takeover the user ADSL connection. The technique is also useful to enable hidden feature and telnet/ftp/tftp/web extended admin interface.

More info on official blog.