This is a functional CSRF exploit for Vifi Radio v1 that allows arbitrary password changes by submitting a crafted POST request to the admin panel. The exploit leverages lack of CSRF protection to modify user credentials without authentication.
Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:Vifi Radio v1
No auth needed
Prerequisites:Victim must be authenticated and tricked into submitting the form