Genexis Platinum-4410 2.1 Authentication Bypass

2020.01.24
Credit: Husinul Sanub
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2020-6170
CWE: CWE-287


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

# Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass # Date: 20220-01-08 # Exploit Author: Husinul Sanub # Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/ # Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/ # Firmware version: P4410-V2–1.28 # Vendor Homepage: https://genexis.co.in/ # Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206 # CVE: CVE-2020-6170 Vulnerability Details ====================== Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users(Admin,GENEXIS,user3) in plain text behind login page source “http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware etc. How to reproduce =================== Suppose 192.168.1.1 is the router IP and check view page source of login page “http://192.168.1.1/cgi-bin/index2.asp",There we can found passwords for each login accounts in clear text. POC ========= * https://youtu.be/IO_Ez4XH-0Y


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top