CVE-2019-19516

MEDIUM

Intelbras WRN 150 1.0.18 - Cross-Site Request Forgery via Password Change

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2019-19516. PoCs published by Prof. Joas Antonio.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Intelbras Router RF1200 1.1.3, allowing an attacker to trick a logged-in admin into submitting a form that authenticates with default credentials. The PoC includes a hidden form with predefined admin credentials to exploit the lack of CSRF protection.

Description

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.

Exploits (2)

exploitdb WORKING POC
by Prof. Joas Antonio · textwebappshardware
https://www.exploit-db.com/exploits/47738

This exploit demonstrates a CSRF vulnerability in Intelbras Router RF1200 1.1.3, allowing an attacker to trick a logged-in admin into submitting a form that authenticates with default credentials. The PoC includes a hidden form with predefined admin credentials to exploit the lack of CSRF protection.

Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intelbras Router RF1200 1.1.3
No auth needed
Prerequisites: Victim must be authenticated as admin · Default credentials must not have been changed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
by Prof. Joas Antonio · textwebappshardware
https://www.exploit-db.com/exploits/47545

This is a functional CSRF exploit targeting Intelbras WRN150 routers (v1.0.18). It demonstrates how an attacker can trick a victim into changing the router's admin password via a malicious HTML form submission.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intelbras WRN150 Router 1.0.18
No auth needed
Prerequisites: Victim must be authenticated to the router's admin interface · Attacker must lure victim to a malicious webpage
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/47545

Scores

CVSS v3 6.5
EPSS 0.0963
EPSS Percentile 94.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-352
Status published
Products (1)
intelbras/wrn_150_firmware 1.0.18
Published Dec 02, 2019
Tracked Since Feb 18, 2026