Stored XSS Vulnerability in Genexis Platinum-4410 Devices
CVE-2020-27980

5.4MEDIUM

Key Information:

Vendor: Genexis
Status: Platinum-4410 Firmware
Vendor: CVE Published:; 28 October 2020

What is CVE-2020-27980?

The Genexis Platinum-4410 P4410-V2-1.28 devices are susceptible to a stored XSS vulnerability in the WLAN SSID parameter. This flaw allows an attacker to store malicious scripts that execute when privileged users access the compromised SSID. As a result, the attacker can perform unauthorized actions, increasing the risk of data breaches and network compromise.

References

https://genexis.eu/product/platinum/

x_refsource_MISC

https://www.exploit-db.com/exploits/48948

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 28, 2020
Vulnerability Reserved
Oct 28, 2020