CyberSec.Space Logo
Back to CVE Browser

CVE-2017-12574

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile8.48th
PublishedAug 24, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.

Affected Platforms (CPE)

💻
Planex

Cs W50hd Firmware

< 030720

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Aug/25
🔗 http://seclists.org/fulldisclosure/2018/Aug/25

Related Vulnerabilities

CVE-2017-125738.8

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability i...

CVE-2017-522610.0

When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioc...

CVE-2017-721310.0

Zoho ManageEngine Desktop Central before build 100082 allows remote attackers to obtain control over all connected active desktops...

CVE-2017-632610.0

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual ...