CVE-2020-25015

MEDIUM

Genexis Platinum 4410 V2-1.28 - Cross-Site Request Forgery

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25015. PoCs published by Jinson Varghese Behanan.

AI-analyzed exploit summary: This exploit demonstrates a CSRF and broken access control vulnerability in Genexis Platinum-4410 routers, allowing an attacker to change the WiFi password via a crafted HTML form without requiring authentication.

Description

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used in homes and offices, was found to be vulnerable to Broken Access Control and CSRF, which could be combined to remotely change the Wi-Fi access point's password.

Exploits (1)

exploitdb WORKING POC
by Jinson Varghese Behanan · text · webapps · hardware
https://www.exploit-db.com/exploits/49000

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Genexis Platinum-4410 P4410-V2-1.28
No auth needed
Prerequisites: Victim must be connected to the vulnerable router's WiFi network · Victim must visit the malicious HTML page
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0310
EPSS Percentile 86.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE CWE-352
Status published
Products (1)
genexis/platinum_4410_firmware p4410-v2-1.28
Published Sep 16, 2020
Tracked Since Feb 18, 2026