CVE-2020-6170

moderate-risk
Published 2020-01-08

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.

Do I need to act?

~
9.8% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47961
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Platinum-4410 Firmware

Affected Vendors

Genexis

References (4)

Exploit http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentica...
https://medium.com/%40husinulzsanub/exploiting-router-authentication-through-web...
Exploit http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentica...
https://medium.com/%40husinulzsanub/exploiting-router-authentication-through-web...
48
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 11/34 · Low
Exposure 5/34 · Minimal