CVE-2020-25988

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
References
Link Resource
https://youtu.be/GOMLavacqSI Exploit Third Party Advisory
https://github.com/ideaengine007/RandomStuffs/blob/main/Version_Vulnerable.PNG Third Party Advisory
https://www.exploit-db.com/exploits/49075 Exploit Third Party Advisory VDB Entry
https://medium.com/@niteshsurana/424f0db73129 Exploit Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.34h:*:*:*:*:*:*:*
cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*

Information

Published : 2020-11-17 12:15

Updated : 2020-12-02 06:15


NVD link : CVE-2020-25988

Mitre link : CVE-2020-25988


JSON object : View

CWE
CWE-319

Cleartext Transmission of Sensitive Information

Advertisement

dedicated server usa

Products Affected

genexis

  • platinum_4410_firmware
  • platinum_4410