PT-2020-1429 · Genexis · Genexis Platinum 4410 V2+1

Published: 2020-01-08 · Updated: 2022-01-01 · CVE-2020-6170

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Genexis Platinum-P4410-V2 versions 1.28 and earlier
Genexis Platinum-4410 versions 2.1 and earlier

Description

The issue is related to insufficient authentication in the cgi-bin/index2.asp component of the Genexis Platinum-P4410-V2 and Genexis Platinum-4410 router software. This allows a remote attacker to obtain authentication credentials for access to the router's administration panel by viewing the HTML source code of the login page. The vulnerable API endpoint is "cgi-bin/index2.asp".

Recommendations

For Genexis Platinum-P4410-V2 version 1.28, update to a version that fixes the authentication bypass issue. For Genexis Platinum-4410 version 2.1, update to a version that fixes the authentication bypass issue. As a temporary workaround, consider restricting access to the cgi-bin/index2.asp endpoint until a patch is available.

Exploit

Fix

Improper Authentication

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2020-00403
CVE-2020-6170

Affected Products

Genexis Platinum-4410
Genexis Platinum 4410 V2