a497fe32ec
6 changes to exploits/shellcodes Remote Desktop Gateway - 'BlueGate' Denial of Service (PoC) Ricoh Printer Drivers - Local Privilege Escalation TP-Link TP-SG105E 1.0.0 - Unauthenticated Remote Reboot Webtareas 2.0 - 'id' SQL Injection OLK Web Store 2020 - Cross-Site Request Forgery Genexis Platinum-4410 2.1 - Authentication Bypass
22 lines
No EOL
1.2 KiB
Text
22 lines
No EOL
1.2 KiB
Text
# Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass
|
||
# Date: 20220-01-08
|
||
# Exploit Author: Husinul Sanub
|
||
# Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/
|
||
# Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/
|
||
# Firmware version: P4410-V2–1.28
|
||
# Vendor Homepage: https://genexis.co.in/
|
||
# Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206
|
||
# CVE: CVE-2020-6170
|
||
|
||
Vulnerability Details
|
||
======================
|
||
Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users(Admin,GENEXIS,user3) in plain text behind login page source “http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware etc.
|
||
|
||
How to reproduce
|
||
===================
|
||
Suppose 192.168.1.1 is the router IP and check view page source of login page “http://192.168.1.1/cgi-bin/index2.asp",There we can found passwords for each login accounts in clear text.
|
||
|
||
|
||
POC
|
||
=========
|
||
* https://youtu.be/IO_Ez4XH-0Y |