A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Genexis |
|
No data.
No data.
References
History
Fri, 05 Dec 2025 11:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Genexis
Genexis platinum Genexis platinum P4410 |
|
| Vendors & Products |
Genexis
Genexis platinum Genexis platinum P4410 |
Thu, 04 Dec 2025 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2025-12-04T00:00:00.000Z
Updated: 2025-12-04T19:32:26.017Z
Reserved: 2025-11-18T00:00:00.000Z
Link: CVE-2025-65883
Vulnrichment
No data.
NVD
Status : Received
Published: 2025-12-04T20:16:19.770
Modified: 2025-12-04T20:16:19.770
Link: CVE-2025-65883
Redhat
No data.