Vulnerability Description
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Genexis | Platinum 4410 Firmware | p4410-v2-1.34h |
| Genexis | Platinum 4410 | 2.1 |
Related Weaknesses (CWE)
References
- https://github.com/ideaengine007/RandomStuffs/blob/main/Version_Vulnerable.PNGThird Party Advisory
- https://medium.com/%40niteshsurana/424f0db73129
- https://www.exploit-db.com/exploits/49075ExploitThird Party AdvisoryVDB Entry
- https://youtu.be/GOMLavacqSIExploitThird Party Advisory
- https://github.com/ideaengine007/RandomStuffs/blob/main/Version_Vulnerable.PNGThird Party Advisory
- https://medium.com/%40niteshsurana/424f0db73129
- https://www.exploit-db.com/exploits/49075ExploitThird Party AdvisoryVDB Entry
- https://youtu.be/GOMLavacqSIExploitThird Party Advisory
FAQ
What is CVE-2020-25988?
CVE-2020-25988 is a vulnerability with a CVSS score of 6.5 (MEDIUM). UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adja...
How severe is CVE-2020-25988?
CVE-2020-25988 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-25988?
Check the references section above for vendor advisories and patch information. Affected products include: Genexis Platinum 4410 Firmware, Genexis Platinum 4410.