CVE-2020-25015

Published: Sep 16, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

Affected (1)

Products: Genexis: Platinum 4410 Firmware

1 product

Platinum 4410 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Genexis Platinum 4410 Firmware	Version p4410-v2-1.28

Running on/with	Platform Versions
Genexis Platinum 4410	Version 2.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/

Source: cve@mitre.org

ExploitThird Party Advisory

http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.