Vulnerabilities > Genexis > Platinum 4410 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-04-13 CVE-2021-29003 OS Command Injection vulnerability in Genexis Platinum 4410 Firmware P4410V21.28
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.
network
low complexity
genexis CWE-78
critical
 9.8
9.8
2020-01-08 CVE-2020-6170 Missing Authentication for Critical Function vulnerability in Genexis Platinum-4410 Firmware 1.28
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
network
low complexity
genexis CWE-306
critical
 9.8
9.8