CVE-2021-47858
Published: 21 January 2026
Summary
CVE-2021-47858 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Genexis Platinum-4410 P4410-V2-1 (inferred from references). Its CVSS base score is 5.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 16.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Deeper analysis
CVE-2021-47858 is a stored cross-site scripting (XSS) vulnerability affecting the Genexis Platinum-4410 router running firmware version P4410-V2-1.31A. The flaw resides in the 'start_addr' parameter of the Security Management interface, where attackers can inject malicious scripts via the start source address field. These scripts persist in the system and execute when privileged users access the security management page, as classified under CWE-79 with a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N).
The vulnerability can be exploited remotely by unauthenticated attackers (PR:N) over the network (AV:N) with low complexity and no user interaction required. Successful exploitation allows attackers to execute arbitrary JavaScript in the browser context of privileged users viewing the affected page, potentially leading to session hijacking, data theft, or further compromise within the scoped impact (S:C), affecting low levels of confidentiality and integrity.
Advisories and references, including those from VulnCheck and Exploit-DB, detail the issue and provide a public proof-of-concept exploit at https://www.exploit-db.com/exploits/49709. The Genexis product page at https://genexis.eu/product/platinum-series/ offers context on the affected hardware, though specific patch details are not outlined in available information.
A public exploit is available, indicating potential for widespread testing or abuse against unpatched devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3641
Vulnerability details
Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access…
more
the security management page.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stored XSS in public router web interface directly enables remote exploitation of a public-facing application without authentication.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly blocks persistent injection of malicious scripts into the start_addr field by validating all inputs before storage.
Filters script content when the stored start_addr value is rendered on the Security Management page for privileged users.
Restricts use and execution of mobile code (JavaScript) within the web interface, limiting the impact of stored XSS payloads.