CVE-2020-25015

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.5^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/	Exploit Third Party Advisory
https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/	Exploit Third Party Advisory
http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html	Exploit Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.28:*:*:*:*:*:*:*

cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*

Information

Published : 2020-09-16 11:15

Updated : 2022-11-16 06:14

NVD link : CVE-2020-25015

Mitre link : CVE-2020-25015

JSON object : View

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

Advertisement

Products Affected

genexis

platinum_4410_firmware
platinum_4410

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/", "name": "https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/", "name": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/", "tags": ["Exploit", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html", "name": "http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point\u2019s password."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-352"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-25015", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2020-09-16T18:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-16T14:14Z"}