ID
VAR-E-202001-0080
CVE
cve_id: | CVE-2020-6170 | Trust: 1.5 |
EDB ID
47961
TITLE
Genexis Platinum-4410 2.1 - Authentication Bypass - Hardware webapps Exploit
Trust: 0.6
DESCRIPTION
Genexis Platinum-4410 2.1 - Authentication Bypass. CVE-2020-6170 . webapps exploit for Hardware platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | genexis | model: | platinum-4410 | scope: | eq | version: | 2.1 | Trust: 1.6 |
vendor: | genexis | model: | platinum-4410 authentication | scope: | eq | version: | 2.1 | Trust: 0.5 |
EXPLOIT
# Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass
# Date: 20220-01-08
# Exploit Author: Husinul Sanub
# Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/
# Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/
# Firmware version: P4410-V2–1.28
# Vendor Homepage: https://genexis.co.in/
# Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206
# CVE: CVE-2020-6170
Vulnerability Details
======================
Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users(Admin,GENEXIS,user3) in plain text behind login page source “http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware etc.
How to reproduce
===================
Suppose 192.168.1.1 is the router IP and check view page source of login page “http://192.168.1.1/cgi-bin/index2.asp",There we can found passwords for each login accounts in clear text.
POC
=========
* https://youtu.be/IO_Ez4XH-0Y
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Authentication Bypass
Trust: 1.6
TAGS
tag: | Authentication Bypass / Credentials Bypass (AB/CB) | Trust: 1.0 |
tag: | exploit | Trust: 0.5 |
tag: | bypass | Trust: 0.5 |
CREDITS
Husinul Sanub
Trust: 0.6
EXTERNAL IDS
db: | EXPLOIT-DB | id: | 47961 | Trust: 1.6 |
db: | NVD | id: | CVE-2020-6170 | Trust: 1.5 |
db: | EDBNET | id: | 102527 | Trust: 0.6 |
db: | PACKETSTORM | id: | 156075 | Trust: 0.5 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2020-6170 | Trust: 1.5 |
url: | https://www.exploit-db.com/exploits/47961/ | Trust: 0.6 |
SOURCES
db: | PACKETSTORM | id: | 156075 |
db: | EXPLOIT-DB | id: | 47961 |
db: | EDBNET | id: | 102527 |
LAST UPDATE DATE
2022-07-27T09:34:50.073000+00:00
SOURCES RELEASE DATE
db: | PACKETSTORM | id: | 156075 | date: | 2020-01-24T16:54:01 |
db: | EXPLOIT-DB | id: | 47961 | date: | 2020-01-24T00:00:00 |
db: | EDBNET | id: | 102527 | date: | 2020-01-24T00:00:00 |