CVE-2020-27980

MEDIUM

Genexis Platinum-4410 Firmware P4410-V2-1.28 - Stored Cross-Site Scripting in WLAN SSID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-27980. PoCs published by Amal Mohandas.

AI-analyzed exploit summary This is a writeup describing a persistent XSS vulnerability in the Genexis Platinum-4410 Home Gateway Router. The vulnerability allows attackers to inject malicious scripts into the SSID parameter, affecting all privileged users upon viewing the WLAN settings.

Description

Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.

Exploits (1)

exploitdb WRITEUP

by Amal Mohandas · textwebappshardware

https://www.exploit-db.com/exploits/48948

View Code ZIP pw:eip

This is a writeup describing a persistent XSS vulnerability in the Genexis Platinum-4410 Home Gateway Router. The vulnerability allows attackers to inject malicious scripts into the SSID parameter, affecting all privileged users upon viewing the WLAN settings.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Genexis Platinum-4410 Home Gateway Router (P4410-V2-1.28)

Auth required

Prerequisites: Access to the router's admin interface · Valid credentials for authentication

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product, Vendor Advisory x_refsource_misc

https://genexis.eu/product/platinum/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/48948

Scores

CVSS v3 5.4

EPSS 0.0063

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

genexis/platinum-4410_firmware 1.28

Published Oct 28, 2020

Tracked Since Feb 18, 2026