CVE-2021-32403

HIGH

Intelbras RF 301K Firmware 1.1.2 - Cross-Site Request Forgery


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-32403. PoCs published by Rodolfo Mariano.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in Intelbras Router RF 301K, allowing an attacker to hijack DNS settings by tricking an authenticated user into submitting a malicious form. The PoC submits a POST request to change the router's DNS server to a malicious IP.

Description

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.

Exploits (1)

exploitdb WORKING POC
by Rodolfo Mariano · html · webapps · hardware
https://www.exploit-db.com/exploits/49969

Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Intelbras Router RF 301K (Firmware 1.1.2-1.1.5)
Auth required
Prerequisites: Victim must be authenticated to the router · Victim must visit the malicious HTML page
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=1Ed-2xBFG3M

Scores

CVSS v3: 8.8
EPSS: 0.0041
EPSS Percentile: 61.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): intelbras/rf_301k_firmware 1.1.2
Published: May 17, 2021
Tracked Since: Feb 18, 2026