Sign-up

ID

VAR-202011-0712


CVE

CVE-2020-25988


TITLE

Genexis Platinum 4410 Router  Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2020-013954

DESCRIPTION

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent. Genexis Platinum 4410 Router Contains a vulnerability in the transmission of important information in clear text.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2020-25988 // JVNDB: JVNDB-2020-013954

AFFECTED PRODUCTS

vendor:genexismodel:platinum 4410scope:eqversion:p4410-v2-1.34h

Trust: 1.0

vendor:genexismodel:platinum-4410scope:eqversion: -

Trust: 0.8

vendor:genexismodel:platinum-4410scope:eqversion:genexis platinum-4410 firmware 2.1 (p4410-v2-1.34h)

Trust: 0.8

sources: JVNDB: JVNDB-2020-013954 // NVD: CVE-2020-25988

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-25988
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-25988
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202011-1539
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2020-25988
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

nvd@nist.gov: CVE-2020-25988
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2020-25988
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013954 // CNNVD: CNNVD-202011-1539 // NVD: CVE-2020-25988

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:Sending important information in clear text (CWE-319) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013954 // NVD: CVE-2020-25988

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202011-1539

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-1539

PATCH

title:Top Pageurl:https://www.gxgroup.eu/

Trust: 0.8

sources: JVNDB: JVNDB-2020-013954

EXTERNAL IDS

db:NVDid:CVE-2020-25988

Trust: 2.4

db:EXPLOIT-DBid:49075

Trust: 2.4

db:JVNDBid:JVNDB-2020-013954

Trust: 0.8

db:CNNVDid:CNNVD-202011-1539

Trust: 0.6

sources: JVNDB: JVNDB-2020-013954 // CNNVD: CNNVD-202011-1539 // NVD: CVE-2020-25988

REFERENCES

url:https://www.exploit-db.com/exploits/49075

Trust: 3.0

url:https://github.com/ideaengine007/randomstuffs/blob/main/version_vulnerable.png

Trust: 1.6

url:https://youtu.be/gomlavacqsi

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-25988

Trust: 1.4

url:https://medium.com/%40niteshsurana/424f0db73129

Trust: 1.0

url:https://github.com/n1teshsurana/randomstuffs/blob/main/version_vulnerable.png

Trust: 0.8

url:https://medium.com/@niteshsurana/424f0db73129

Trust: 0.6

sources: JVNDB: JVNDB-2020-013954 // CNNVD: CNNVD-202011-1539 // NVD: CVE-2020-25988

CREDITS

Nitesh Surana

Trust: 0.6

sources: CNNVD: CNNVD-202011-1539

SOURCES

db:JVNDBid:JVNDB-2020-013954
db:CNNVDid:CNNVD-202011-1539
db:NVDid:CVE-2020-25988

LAST UPDATE DATE

2024-11-23T23:04:13.414000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2020-013954date:2021-07-16T06:13:00
db:CNNVDid:CNNVD-202011-1539date:2020-12-03T00:00:00
db:NVDid:CVE-2020-25988date:2024-11-21T05:19:02.300

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2020-013954date:2021-07-16T00:00:00
db:CNNVDid:CNNVD-202011-1539date:2020-11-17T00:00:00
db:NVDid:CVE-2020-25988date:2020-11-17T20:15:11.160