CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-12573

HIGH
8.8
CVSS Severity Score
EPSS Score0.0490%
EPSS Percentile35.02th
Published2018年8月24日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

Affected Platforms (CPE)

💻
Planex

Cs W50hd Firmware

< 030720

References & Advisories

🔗 http://seclists.org/fulldisclosure/2018/Aug/29
🔗 http://seclists.org/fulldisclosure/2018/Aug/29

関連する脆弱性情報

CVE-2017-125749.8

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was ...

CVE-2017-379110.0

A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication ...

CVE-2017-772210.0

In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with ...

CVE-2017-232010.0

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenti...