Vulnerability Description
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used in homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the Wi-Fi access point's password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genexis | Platinum 4410 Firmware | p4410-v2-1.28 |
| Genexis | Platinum 4410 | 2.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28- (Exploit, Third Party Advisory, VDB Entry)
- https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum (Exploit, Third Party Advisory)
- https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-44 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-25015?
CVE-2020-25015 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control a...
How severe is CVE-2020-25015?
CVE-2020-25015 has been rated MEDIUM, with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-25015?
Check the references section above for vendor advisories and patch information. Affected products include: Genexis Platinum 4410 Firmware, Genexis Platinum 4410.