CVE-2014-4716

Thomson TWG87OUIR - Cross-Site Request Forgery via Password Change Form

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4716. PoCs published by nopesled.

AI-analyzed exploit summary: This HTML-based PoC exploits a CSRF vulnerability in Thomson TWG87OUIR routers to reset the admin password via a malicious POST request. The form submits automatically using JavaScript, demonstrating the lack of CSRF protection.

Description

Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR allows remote attackers to hijack the authentication of unspecified victims for requests that change passwords via the Password and PasswordReEnter parameters to goform/RgSecurity.

Exploits (1)

exploitdb · WORKING POC
by nopesled · html · webapps · hardware
https://www.exploit-db.com/exploits/33866

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Thomson TWG87OUIR (Hardware Version)
Authentication: No auth needed
Prerequisites: Victim must visit the malicious HTML page · Target router must be accessible on the local network
Analysis: devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/108397
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/33866

Scores

EPSS: 0.0228
EPSS Percentile: 80.8%

Details

CWE: CWE-352
Status: published
Products (1): thomson/twg87ouir
Published: Jul 03, 2014
Tracked Since: Feb 18, 2026