CVE-2017-12576

Published: Aug 24, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

Affected (1)

Products: Planex: Cs Qr20 Firmware

1 product

Cs Qr20 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Planex Cs Qr20 Firmware	Version 1.30

Running on/with	Platform Versions
Planex Cs Qr20	All versions

Related CWEs

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References (2)

http://seclists.org/fulldisclosure/2018/Aug/27

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2018/Aug/27

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.