CVE-2020-25015

MEDIUM

Genexis Platinum 4410 Firmware - CSRF

Title source: rule

Description

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

Exploits (1)

exploitdb WORKING POC

by Jinson Varghese Behanan · textwebappshardware

https://www.exploit-db.com/exploits/49000

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.getastra.com/blog/911/csrf-broken-access-control-in-genexis-platinum-4410/

[Exploit, Third Party Advisory] https://www.jinsonvarghese.com/broken-access-control-csrf-in-genexis-platinum-4410/

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/159936/Genexis-Platinum-4410-P4410-V2-1.28-Missing-Access-Control-CSRF.html

Scores

CVSS v3 6.5

EPSS 0.0034

EPSS Percentile 56.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-352

Status published

Products (1)

genexis/platinum_4410_firmware p4410-v2-1.28

Published Sep 16, 2020

Tracked Since Feb 18, 2026