CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12573

HIGH
8.8
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile35.02th
PublishedAug 24, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

Affected Platforms (CPE)

💻
Planex

Cs W50hd Firmware

< 030720

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Aug/29
🔗 http://seclists.org/fulldisclosure/2018/Aug/29

Related Vulnerabilities

CVE-2017-125749.8

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was ...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-796410.0

Zyxel WRE6505 devices have a default TELNET password of 1234 for the root and admin accounts, which makes it easier for remote att...