EIP-2026-101884

PRE-CVE

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101884. PoCs published by cakes.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Netis ADSL Router DL4322D RTK 2.1.1, allowing an attacker to add an administrator account without authentication. The PoC includes both raw HTTP request and HTML form examples to trigger the vulnerability.

Description

Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)

Exploits (1)

exploitdb WORKING POC VERIFIED

by cakes · textwebappshardware

https://www.exploit-db.com/exploits/45532

View Code ZIP pw:eip

This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Netis ADSL Router DL4322D RTK 2.1.1, allowing an attacker to add an administrator account without authentication. The PoC includes both raw HTTP request and HTML form examples to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Netis ADSL Router DL4322D RTK 2.1.1

No auth needed

Prerequisites: Victim must visit a malicious webpage or be tricked into sending a crafted HTTP request

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026