CVE-2025-65883
BaseFortify
Publication date: 2025-12-04
Last updated on: 2025-12-08
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| genexis | platinum_p4410 | 2.1.41 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-613 | According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization." |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Genexis Platinum P4410 router firmware: after an administrator logs out, the session token is not invalidated and remains valid. An attacker on the local network can reuse this stale session token to send specially crafted requests to the router's diagnostic endpoint, allowing them to execute commands with root privileges remotely.
How can this vulnerability impact me?
An attacker on the local network can exploit this vulnerability to gain root-level remote code execution on the affected router. This could allow the attacker to take full control of the device, potentially intercepting or manipulating network traffic, disrupting network services, or using the router as a foothold for further attacks within the network.