While testing the Genexis Platinum 4410 home router version 2.1 (software version P4410-V2-1.28), I was able to find that the router is vulnerable to Broken Access Control and CSRF.
CVE ID: CVE-2020-25015
Platinum 4410 is a compact router from Genexis that is commonly used in homes. Hardware version V2.1 with software version P4410-V2-1.28 was found to be vulnerable to Broken Access Control and CSRF, which can be combined to remotely change the Wi-Fi access point's password.
"Access control enforces policy such that users cannot act outside of their intended permissions. Failures typically lead to unauthorized information disclosure, modification or destruction of all data, or performing a business function outside of the limits of the user." — OWASP
For more information on CSRF, please visit this article.
An attacker can send the victim a link; if the victim clicks it while connected to the Wi-Fi network served by the vulnerable router, the CSRF exploit changes the password of the Wi-Fi access point. Because the router is also vulnerable to Broken Access Control, the victim does not need to be logged in to the router's web-based setup page (192.168.1.1), essentially making this a one-click hack.
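The one-click scenario works only because a configuration change is accepted with neither a login nor a same-origin check. As an added example (not Genexis firmware code and not part of the original post), the Python gate below shows the three checks a state-changing request should pass and which one stops each variant of the cross-site request. The `Request` class, `authorize_state_change`, the session store, and the cookie and field names are all hypothetical.

```python
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed session store: session id -> per-session CSRF token.
SESSIONS = {"sess-constructed": "tok-constructed"}
DEVICE_HOST = "192.168.1.1"

@dataclass
class Request:
    method: str
    host: str                                   # Host header seen by the device
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)

def authorize_state_change(req):
    """Return (allowed, reason) for a request that would change configuration."""
    if req.method != "POST":
        return False, "state changes must use POST"
    # 1. Access control: an authenticated session is mandatory.
    expected = SESSIONS.get(req.cookies.get("session", ""))
    if expected is None:
        return False, "no authenticated session"
    # 2. CSRF origin check: the request must come from the device's own pages.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if urlsplit(origin).netloc != req.host:
        return False, "cross-origin request"
    # 3. CSRF token check: a per-session secret another site cannot read.
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"

def _post(origin, cookies=None, form=None):
    return Request("POST", DEVICE_HOST, {"Origin": origin}, cookies or {}, form or {})

# Constructed sample requests.
COOKIE = {"session": "sess-constructed"}
ONE_CLICK = _post("https://other-site.example", form={"wifi_password": "x"})
LOGGED_IN_CROSS_SITE = _post("https://other-site.example", COOKIE, {"wifi_password": "x"})
SAME_ORIGIN_NO_TOKEN = _post("http://192.168.1.1", COOKIE, {"wifi_password": "x"})
OWN_PAGE = _post("http://192.168.1.1", COOKIE,
                 {"wifi_password": "x", "csrf_token": "tok-constructed"})

if __name__ == "__main__":
    for name in ("ONE_CLICK", "LOGGED_IN_CROSS_SITE", "SAME_ORIGIN_NO_TOKEN", "OWN_PAGE"):
        print(name, authorize_state_change(globals()[name]))
```

Fixing only the access-control check still leaves a logged-in administrator exposed to the cross-site request, which is why the origin and token checks are enforced as well.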
More details on the vulnerability will be added after October 1.
- Vulnerability reported to the Genexis team on August 28, 2020
- Team confirmed firmware release containing fix on September 14, 2020
- As per the Genexis team, customers should contact their ISP in order to get access to the latest firmware.
- Use a more secure router if you are unable to upgrade the firmware.