← Back

Planex

planex

14 CVEs • 26 products

Products (26)

Click to collapse
Toggle
Cs Qr20 Firmware
cs-qr20_firmware
4 CVEs
Cs W50hd Firmware
cs-w50hd_firmware
2 CVEs
Cs Qr10 Firmware
cs-qr10_firmware
2 CVEs
Cs Wmv02g Firmware
cs-wmv02g_firmware
2 CVEs
Mzk Mf300n Firmware
mzk-mf300n_firmware
2 CVEs
Mzk Mf300hp2 Firmware
mzk-mf300hp2_firmware
2 CVEs
Brl 04cw
brl-04cw
1 CVE
Brl 04r
brl-04r
1 CVE
Brl 04ur
brl-04ur
1 CVE
Smacam Night Vision
smacam_night_vision
1 CVE
Mzk Dp150n Firmware
mzk-dp150n_firmware
1 CVE
Cs Wmv02g
cs-wmv02g
1 CVE
Mzk Dp300n Firmware
mzk-dp300n_firmware
1 CVE
Cs Qr22 Firmware
cs-qr22_firmware
1 CVE
Cs Qr220 Firmware
cs-qr220_firmware
1 CVE
Cs Qr300 Firmware
cs-qr300_firmware
1 CVE
Cs W50hd
cs-w50hd
0 CVEs
Cs Qr20
cs-qr20
0 CVEs
Mzk Dp150n
mzk-dp150n
0 CVEs
Cs Qr10
cs-qr10
0 CVEs
Mzk Mf300n
mzk-mf300n
0 CVEs
Mzk Mf300hp2
mzk-mf300hp2
0 CVEs
Mzk Dp300n
mzk-dp300n
0 CVEs
Cs Qr22
cs-qr22
0 CVEs
Cs Qr220
cs-qr220
0 CVEs
Cs Qr300
cs-qr300
0 CVEs

CVEs (14)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-45836
1Planex
5Cs Qr10 Firmware
Cs Qr20 FirmwareCs Qr220 Firmware+2 more
Mar 25, 2025
Sep 26, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the u...Show more
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.Show less
CVE-2024-45372
1Planex
1Mzk Dp300n Firmware
Mar 25, 2025
Sep 26, 2024
N/A· v4
6.5 MEDIUM· v3
N/A· v2
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform...Show more
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.Show less
CVE-2024-30220
1Planex
2Mzk Mf300hp2 Firmware
Mzk Mf300n Firmware
Aug 27, 2025
Apr 15, 2024
N/A· v4
8.8 HIGH· v3
N/A· v2
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. N...Show more
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.Show less
CVE-2024-30219
1Planex
2Mzk Mf300hp2 Firmware
Mzk Mf300n Firmware
Jun 30, 2025
Apr 15, 2024
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be perf...Show more
Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug function accesses the device's management page, an unintended operation may be performed. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.Show less
CVE-2023-22376
1Planex
1Cs Wmv02g Firmware
Mar 20, 2025
Feb 14, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: T...Show more
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.Show less
CVE-2023-22375
1Planex
1Cs Wmv02g Firmware
Mar 20, 2025
Feb 14, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations...Show more
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.Show less
CVE-2023-22370
1Planex
1Cs Wmv02g
Nov 21, 2024
Feb 14, 2023
N/A· v4
5.2 MEDIUM· v3
N/A· v2
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only...Show more
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.Show less
CVE-2022-38399
1Planex
2Cs Qr10 Firmware
Cs Qr20 Firmware
Nov 21, 2024
Sep 8, 2022
N/A· v4
6.8 MEDIUM· v3
N/A· v2
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connec...Show more
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connectionShow less
CVE-2021-37289
1Planex
1Mzk Dp150n Firmware
Nov 21, 2024
Aug 22, 2022
N/A· v4
7.2 HIGH· v3
N/A· v2
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
CVE-2017-12577
1Planex
2Cs Qr20 Firmware
Smacam Night Vision
Nov 21, 2024
Aug 24, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute an...Show more
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.Show less
CVE-2017-12576
1Planex
1Cs Qr20 Firmware
Nov 21, 2024
Aug 24, 2018
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for de...Show more
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.Show less
CVE-2017-12574
1Planex
1Cs W50hd Firmware
Nov 21, 2024
Aug 24, 2018
N/A· v4
9.8 CRITICAL· v3
10.0 HIGH· v2
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allow...Show more
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.Show less
CVE-2017-12573
1Planex
1Cs W50hd Firmware
Nov 21, 2024
Aug 24, 2018
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a...Show more
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.Show less
CVE-2013-6026
3Alphanetworks
DlinkPlanex
13Brl 04cw
Brl 04rBrl 04ur+10 more
Apr 29, 2026
Oct 19, 2013
N/A· v4
N/A· v3
10.0 HIGH· v2
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to byp...Show more
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.Show less