header-logo
Suggest Exploit
vendor:
Genexis Platinum-4410
by:
Husinul Sanub
9.8
CVSS
CRITICAL
Authentication Bypass
287
CWE
Product Name: Genexis Platinum-4410
Affected Version From: Genexis Platinum-4410 v2.1
Affected Version To: Genexis Platinum-4410 v2.1
Patch Exists: NO
Related CWE: CVE-2020-6170
CPE: h:genexis:platinum-4410:2.1
Metasploit:
Other Scripts:
Platforms Tested:
2020

Genexis Platinum-4410 2.1 – Authentication Bypass

Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users (Admin, GENEXIS, user3) in plain text behind login page source "http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware, etc.

Mitigation:

Upgrade to a patched firmware version that fixes the authentication bypass vulnerability. Alternatively, restrict access to the router's web interface to trusted IP addresses only.
Source

Exploit-DB raw data:

# Exploit Title:  Genexis Platinum-4410 2.1 - Authentication Bypass
# Date: 20220-01-08
# Exploit Author: Husinul Sanub
# Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/
# Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/
# Firmware version: P4410-V2–1.28
# Vendor Homepage: https://genexis.co.in/
# Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206
# CVE: CVE-2020-6170

Vulnerability Details
======================
Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users(Admin,GENEXIS,user3) in plain text behind login page source “http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware etc.

How to reproduce
===================
Suppose 192.168.1.1 is the router IP and check view page source of login page “http://192.168.1.1/cgi-bin/index2.asp",There we can found passwords for each login accounts in clear text.


POC
=========
* https://youtu.be/IO_Ez4XH-0Y

Navigation

Suggest Exploit

Services By CQR