CVE-2020-6170

CRITICAL

Genexis Platinum-4410 <2.1 - Auth Bypass

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6170. PoCs published by Husinul Sanub.

AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in Genexis Platinum-4410 v2.1 routers where user passwords are exposed in plain text within the login page source code. This allows remote attackers to retrieve sensitive credentials without authentication.

Description

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.

Exploits (1)

exploitdb WRITEUP

by Husinul Sanub · textwebappshardware

https://www.exploit-db.com/exploits/47961

View Code ZIP pw:eip

The exploit describes an authentication bypass vulnerability in Genexis Platinum-4410 v2.1 routers where user passwords are exposed in plain text within the login page source code. This allows remote attackers to retrieve sensitive credentials without authentication.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Genexis Platinum-4410 v2.1

No auth needed

Prerequisites: Access to the router's login page at http://192.168.1.1/cgi-bin/index2.asp

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_misc

https://medium.com/%40husinulzsanub/exploiting-router-authentication-through-web-interface-68660c708206

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/156075/Genexis-Platinum-4410-2.1-Authentication-Bypass.html

Scores

CVSS v3 9.8

EPSS 0.0733

EPSS Percentile 93.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-200 CWE-306

Status published

Products (1)

genexis/platinum-4410_firmware 1.28

Published Jan 08, 2020

Tracked Since Feb 18, 2026