CVE-2013-3083

Belkin F5D8236-4 v2 - Cross-Site Request Forgery via remote_mgmt_enabled and remote_mgmt_port Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3083. PoCs published by Jacob Holcomb.

AI-analyzed exploit summary: This HTML-based PoC exploits a CSRF vulnerability in Belkin F5D8236-4 routers to enable remote management without authentication. It submits a crafted POST request to the router's system settings endpoint to enable remote management on port 31337.

Description

Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary ports via the remote_mgmt_enabled and remote_mgmt_port parameters.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Jacob Holcomb · html · remote · hardware
https://www.exploit-db.com/exploits/38495

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Belkin F5D8236-4 v2 Router
No auth needed
Prerequisites: Victim must visit the malicious HTML page · Router must be accessible on the local network
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS 0.0219
EPSS Percentile 80.0%

Details

CWE: CWE-352
Status: published
Products (1): belkin/f5d8236-4_v2
Published: Sep 29, 2014
Tracked Since: Feb 18, 2026