PT-2025-49123 · Genexis · Genexis Platinum P4410
Published 2025-12-04 · Updated 2025-12-04
CVE-2025-65883
CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Genexis Platinum P4410 router version P4410-V2–1.41
Description
A flaw in the Genexis Platinum P4410 router permits a local network attacker to execute code remotely with root privileges. The router does not sufficiently invalidate the session after an administrator logs out, so the session token can be reused. An attacker can use this stale token to submit specially crafted requests to the router's diagnostic endpoint, leading to command execution as root.
Recommendations
Update to a newer version that contains a fix for this vulnerability.
Exploit
Fix
RCE
Insufficient Session Expiration
Affected Products
Genexis Platinum P4410