genexis CVE Vulnerabilities & Metrics

Focus on genexis vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About genexis Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with genexis. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total genexis CVEs: 7
Earliest CVE date: 08 Jan 2020, 06:15 UTC
Latest CVE date: 04 Dec 2025, 20:16 UTC

Latest CVE reference: CVE-2025-65883

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical genexis CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.39

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	2
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS genexis CVEs

These are the five CVEs with the highest CVSS scores for genexis, sorted by severity first and recency.

CVE-2021-29003 genexis Published on 13 Apr 2021, 06:15 UTC (CVSS: 7.5)
Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.
CVE-2020-28137 genexis Published on 10 Nov 2021, 17:15 UTC (CVSS: 7.1)
Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.
CVE-2020-6170 genexis Published on 08 Jan 2020, 06:15 UTC (CVSS: 5.0)
An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.
CVE-2020-25015 genexis Published on 16 Sep 2020, 18:15 UTC (CVSS: 4.3)
A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.
CVE-2020-27980 genexis Published on 28 Oct 2020, 19:15 UTC (CVSS: 3.5)
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.

All CVEs for genexis

CVE-2025-65883 genexis vulnerability CVSS: 0 04 Dec 2025, 20:16 UTC

A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root.

CVE-2020-28137 genexis vulnerability CVSS: 7.1 10 Nov 2021, 17:15 UTC

Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a denial of service by continuously restarting the router.

CVE-2021-29003 genexis vulnerability CVSS: 7.5 13 Apr 2021, 06:15 UTC

Genexis PLATINUM 4410 2.1 P4410-V2-1.28 devices allow remote attackers to execute arbitrary code via shell metacharacters to sys_config_valid.xgi, as demonstrated by the sys_config_valid.xgi?exeshell=%60telnetd%20%26%60 URI.

CVE-2020-25988 genexis vulnerability CVSS: 3.3 17 Nov 2020, 20:15 UTC

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.

CVE-2020-27980 genexis vulnerability CVSS: 3.5 28 Oct 2020, 19:15 UTC

Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.

CVE-2020-25015 genexis vulnerability CVSS: 4.3 16 Sep 2020, 18:15 UTC

A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a compact router generally used at homes and offices was found to be vulnerable to Broken Access Control and CSRF which could be combined to remotely change the WIFI access point’s password.

CVE-2020-6170 genexis vulnerability CVSS: 5.0 08 Jan 2020, 06:15 UTC

An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.