CVE-2020-25988

Опубликовано: 17 нояб. 2020

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.

Ссылки

https://github.com/ideaengine007/RandomStuffs/blob/main/Version_Vulnerable.PNG
Third Party Advisory
https://medium.com/%40niteshsurana/424f0db73129
https://www.exploit-db.com/exploits/49075
Exploit
Third Party Advisory
VDB Entry
https://youtu.be/GOMLavacqSI
Exploit
Third Party Advisory
https://github.com/ideaengine007/RandomStuffs/blob/main/Version_Vulnerable.PNG
Third Party Advisory
https://medium.com/%40niteshsurana/424f0db73129
https://www.exploit-db.com/exploits/49075
Exploit
Third Party Advisory
VDB Entry
https://youtu.be/GOMLavacqSI
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.34h:*:*:*:*:*:*:*

cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03345

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-319

Связанные уязвимости

GHSA-q8w2-r6p5-v4mx

github

больше 3 лет назад

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.