Vulnerabilities > Genexis

DATE CVE VULNERABILITY TITLE RISK
2021-11-10 CVE-2020-28137 Cross-Site Request Forgery (CSRF) vulnerability in Genexis Platinum 4410 Firmware P4410V21.28
Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.
network
genexis CWE-352
7.1
2021-04-13 CVE-2021-29003 OS Command Injection vulnerability in Genexis Platinum 4410 Firmware P4410V21.28
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.
network
low complexity
genexis CWE-78
7.5
2020-11-17 CVE-2020-25988 Cleartext Transmission of Sensitive Information vulnerability in Genexis Platinum 4410 Firmware P4410V21.34H
UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.
low complexity
genexis CWE-319
6.5
2020-10-28 CVE-2020-27980 Cross-site Scripting vulnerability in Genexis Platinum-4410 Firmware 1.28
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter.
network
genexis CWE-79
3.5
2020-09-16 CVE-2020-25015 Cross-Site Request Forgery (CSRF) vulnerability in Genexis Platinum 4410 Firmware P4410V21.28
A specific router allows changing the Wi-Fi password remotely.
network
low complexity
genexis CWE-352
6.5
2020-01-08 CVE-2020-6170 Missing Authentication for Critical Function vulnerability in Genexis Platinum-4410 Firmware 1.28
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
network
low complexity
genexis CWE-306
critical
9.8
2017-12-20 CVE-2017-6094 Information Exposure vulnerability in Genexis Gaps
CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance.
network
low complexity
genexis CWE-200
5.0