Genexis Platinum-4410 2.1 - Authentication Bypass - exploit.company
Vendor: Genexis Platinum-4410
By: Husinul Sanub
CVSS: 9.8 (CRITICAL)
Type: Authentication Bypass
CWE: 287
Product Name: Genexis Platinum-4410
Affected Version From: Genexis Platinum-4410 v2.1
Affected Version To: Genexis Platinum-4410 v2.1
Patch Exists: NO
Related CVE: CVE-2020-6170
CPE: h:genexis:platinum-4410:2.1
Metasploit:
Other Scripts:
Platforms Tested:
2020

Genexis Platinum-4410 2.1 – Authentication Bypass

The Genexis Platinum-4410 v2.1 Home Gateway Router discloses the passwords of every user account (Admin, GENEXIS, user3) in plain text in the source of its login page, "http://192.168.1.1/cgi-bin/index2.asp". This could allow a remote attacker to access sensitive information and perform actions such as resetting the router, changing passwords, or uploading malicious firmware.

Mitigation:

Upgrade to a patched firmware version that fixes the authentication bypass vulnerability. Alternatively, restrict access to the router's web interface to trusted IP addresses only.

Exploit-DB raw data:

# Exploit Title:  Genexis Platinum-4410 2.1 - Authentication Bypass
# Date: 20220-01-08
# Exploit Author: Husinul Sanub
# Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/
# Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/
# Firmware version: P4410-V2–1.28
# Vendor Homepage: https://genexis.co.in/
# Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206
# CVE: CVE-2020-6170

Vulnerability Details
======================
Genexis Platinum-4410 v2.1 Home Gateway Router discloses the passwords of each user (Admin, GENEXIS, user3) in plain text behind the login page source "http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker to access sensitive information and perform actions such as resetting the router, changing passwords, uploading malicious firmware, etc.

How to reproduce
===================
Suppose 192.168.1.1 is the router IP, and view the page source of the login page "http://192.168.1.1/cgi-bin/index2.asp". There we can find the passwords for each login account in clear text.


POC
=========
* https://youtu.be/IO_Ez4XH-0Y