Credential Leakage in Genexis Platinum 4410 Router
CVE-2020-25988

6.5MEDIUM

Key Information:

Vendor

Genexis

Status
Platinum 4410 Firmware
Vendor
CVE Published:
17 November 2020

What is CVE-2020-25988?

The Genexis Platinum 4410 Router features a UPNP service that listens on port 5555, which contains an action called 'X_GetAccess'. This action can potentially leak the administrative credentials of the device to an attacker who is adjacent to the network. By exploiting this flaw, a malicious user could gain unauthorized access to sensitive settings and controls of the router, thus compromising network integrity.

References

https://youtu.be/GOMLavacqSI
x_refsource_MISC
https://medium.com/%40niteshsurana/424f0db73129
x_refsource_MISC
https://github.com/ideaengine007/RandomStuffs/blob/main/V...
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.