Exploit for Genexis Platinum-4410 2.1 Authentication Bypass CVE-2020-6170

Name: Exploit for Genexis Platinum-4410 2.1 Authentication Bypass CVE-2020-6170
Rating: 5 (200 reviews)

2020-01-24 | CVSS 5.0

## https://sploitus.com/exploit?id=PACKETSTORM:156075
# Exploit Title: Genexis Platinum-4410 2.1 - Authentication Bypass  
# Date: 20220-01-08  
# Exploit Author: Husinul Sanub  
# Author Contact: https://www.linkedin.com/in/husinul-sanub-658239106/  
# Vulnerable Product: Genexis Platinum-4410 v2.1 Home Gateway Router https://genexis.co.in/product/ont/  
# Firmware version: P4410-V2–1.28  
# Vendor Homepage: https://genexis.co.in/  
# Reference: https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206  
# CVE: CVE-2020-6170  
  
Vulnerability Details  
======================  
Genexis Platinum-4410 v2.1 Home Gateway Router discloses passwords of each users(Admin,GENEXIS,user3) in plain text behind login page source “http://192.168.1.1/cgi-bin/index2.asp". This could potentially allow a remote attacker access sensitive information and perform actions such as reset router, changing passwords, upload malicious firmware etc.  
  
How to reproduce  
===================  
Suppose 192.168.1.1 is the router IP and check view page source of login page “http://192.168.1.1/cgi-bin/index2.asp",There we can found passwords for each login accounts in clear text.  
  
  
POC  
=========  
* https://youtu.be/IO_Ez4XH-0Y