CVE-2021-29003

CRITICAL EXPLOITED IN THE WILD

Genexis Platinum 4410 Firmware - OS Command Injection

Title source: rule

Description

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.

Exploits (2)

exploitdb WORKING POC
by Jay Sharma · textwebappshardware
https://www.exploit-db.com/exploits/49764
nomisec WRITEUP
by jaysharma786 · poc
https://github.com/jaysharma786/CVE-2021-29003

References (2)

Scores

CVSS v3 9.8
EPSS 0.3641
EPSS Percentile 97.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2021-06-01
InTheWild.io 2021-09-30
CWE
CWE-78
Status published
Products (1)
genexis/platinum_4410_firmware p4410-v2-1.28
Published Apr 13, 2021
Tracked Since Feb 18, 2026