CVE-2018-5720

HIGH

DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extender RTN2-AW.GD.R3465.1.20161103 - Cross-Site Request Forgery


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5720. PoCs published by Raffaele Sabato.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in DODOCOOL DC38 N300 devices, allowing remote attackers to modify configurations such as user credentials and Wi-Fi settings via crafted HTML forms.

Description

An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extender RTN2-AW.GD.R3465.1.20161103 devices. A cross-site request forgery (CSRF) vulnerability allows remote attackers to hijack the authentication of users for requests that modify all the settings. This vulnerability can lead to changing an existing user's username and password, changing the Wi-Fi password, etc.

Exploits (1)

exploitdb WORKING POC
by Raffaele Sabato · html, webapps, hardware
https://www.exploit-db.com/exploits/43898


Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: DODOCOOL DC38 N300 Mini Wireless Range Extender RTN2-AW.GD.R3465.1.20161103
No auth needed
Prerequisites: Victim must be authenticated and visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Tags: Exploit, Third Party Advisory, VDB Entry, exploit, x_refsource_exploit-db
https://www.exploit-db.com/exploits/43898/

Scores

CVSS v3: 8.8
EPSS: 0.0026
EPSS Percentile: 49.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): dodocool/dc38_firmware rtn2-aw.gd.r3465.1.20161103
Published: Jan 29, 2018
Tracked Since: Feb 18, 2026