CVE-2012-1922
Sitecom WLM-2501 - Cross-Site Request Forgery in Multiple Admin Forms
Exploitation Summary
EIP tracks 2 public exploits for CVE-2012-1922. PoCs published by Ivano Binetti.
Description
Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom WLM-2501 allow remote attackers to hijack the authentication of administrators for requests that modify settings for (1) Mac Filtering via admin/formFilter, (2) IP/Port Filtering via formFilter, (3) Port Forwarding via formPortFw, (4) Wireless Access Control via admin/formWlAc, (5) Wi-Fi Protected Setup via formWsc, (6) URL Blocking Filter via formURL, (7) Domain Blocking Filter via formDOMAINBLK, and (8) IP Address ACL Filter via admin/formACL in goform/, different vectors than CVE-2012-1921.
Exploits (2)
This exploit demonstrates multiple CSRF vulnerabilities in the Sitecom WLM-2501 router's web interface, allowing an attacker to disable various security features (e.g., MAC filtering, IP/Port filtering, WPS) via crafted HTML forms that submit POST requests to the router's management interface.
This is a CSRF exploit targeting Sitecom WLM-2501 routers, allowing an attacker to change the wireless passphrase by tricking an authenticated user into visiting a malicious webpage. The exploit submits a crafted form to the router's web interface without user interaction.