Broken Access Control and CSRF in Genexis Router
CVE-2020-25015

6.5MEDIUM

Key Information:

Vendor

Genexis

Status
Platinum 4410 Firmware
Vendor
CVE Published:
16 September 2020

What is CVE-2020-25015?

The Genexis Platinum 4410 V2-1.28, a widely used router in home and office environments, suffers from a significant security flaw that enables an attacker to remotely alter the Wi-Fi password. This vulnerability arises from a combination of broken access control and CSRF weaknesses, permitting unauthorized users to manipulate router settings without proper authentication. As a result, attackers can easily disrupt connectivity and potentially gain access to sensitive information transmitted over the compromised network.

References

https://www.getastra.com/blog/911/csrf-broken-access-cont...
x_refsource_MISC
https://www.jinsonvarghese.com/broken-access-control-csrf...
x_refsource_MISC
http://packetstormsecurity.com/files/159936/Genexis-Plati...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.