CVE-2025-65883
HIGHGenexis Platinum 4410 Firmware P4410-V2-1.41 - Remote Code Execution via Stale Session Token Reuse
Title source: llmDescription
A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://0xw41th.medium.com/my-first-cve-cve-2025-65883-remote-code-execution-in-a-genexis-router-0c35749a99bd
Scores
CVSS v3
8.4
EPSS
0.0034
EPSS Percentile
25.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-613
Status
published
Products (1)
genexis/platinum_4410_firmware
p4410-v2-1.41
Published
Dec 04, 2025
Tracked Since
Feb 18, 2026