Genexis Platinum-4410 version 2.1 suffers from an authentication bypass vulnerability.
3fbbc6a6ae0b5efed5aa005759bfb65996a61978daab290928db336965952ebc# Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass
# Date: 20220-01-08
# Exploit Author: Husinul Sanub
# Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/
# Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/
# Firmware version: P4410-V2–1.28
# Vendor Homepage: https://genexis.co.in/
# Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206
# CVE: CVE-2020-6170
Vulnerability Details
======================
Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users(Admin,GENEXIS,user3) in plain text behind login page source “http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware etc.
How to reproduce
===================
Suppose 192.168.1.1 is the router IP and check view page source of login page “http://192.168.1.1/cgi-bin/index2.asp",There we can found passwords for each login accounts in clear text.
POC
=========
* https://youtu.be/IO_Ez4XH-0Y
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed