Lucene search
K

84 matches found

Cvelist
Cvelist
added 2018/08/24 7:0 p.m.25 views

CVE-2017-12577

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...

9.5AI score0.01455EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/24 7:0 p.m.39 views

CVE-2017-12576

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...

7.4AI score0.02198EPSS
Exploits1References1
CVE
CVE
added 2018/08/24 7:0 p.m.56 views

CVE-2017-12577

CVE-2017-12577 affects PLANEX CS-QR20 (version 1.30). The Android app ships a hardcoded credential (admin:password) that can be used to access a hidden API URL /goform/SystemCommand, enabling an attacker to execute arbitrary commands with root privileges. This is tied to the Web UI component and ...

10CVSS9.3AI score0.01455EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/24 7:0 p.m.47 views

CVE-2017-12576

CVE-2017-12576 affects PLANEX CS-QR20 (firmware 1.30) via a hidden, undocumented management page (/admin/system_command.asp) that allows an authenticated user to execute arbitrary commands, enabling remote code execution on the device. The issue arises from an admin/debug interface that should no...

9CVSS7.3AI score0.02198EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/08/24 7:0 p.m.59 views

CVE-2017-12573

PLANEX CS-W50HD devices with firmware prior to 030720 expose a command-injection vulnerability in the web management UI on the NAS settings page at /cgi-bin/nasset.cgi. An attacker can send a crafted HTTP POST request to execute arbitrary code, with authentication required before the attack. This...

9CVSS8.8AI score0.0314EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2018/08/23 12:0 a.m.46 views

PLANEX CS-QR20 Command Execution

Reserved CVE: CVE-2017-12576 Description A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. Vulnerability Type Insecure Permissions Affected Product Code Base Firmware ver 1.30 Affected Component Web management UI...

7.1AI score0.02198EPSS
Exploits1
CNVD
CNVD
added 2018/08/22 12:0 a.m.6 views

PLANEX CS-W50HD Default Username Password Vulnerability

PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...

10CVSS9.5AI score0.01795EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/22 12:0 a.m.5 views

PLANEX CS-QR20 Arbitrary Code Execution Vulnerability

PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...

9CVSS7.4AI score0.02198EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/22 12:0 a.m.5 views

PLANEX CS-QR20 Hardcoded Voucher Vulnerability

PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...

10CVSS9.6AI score0.01455EPSS
Exploits1References1
CNVD
CNVD
added 2018/08/22 12:0 a.m.5 views

PLANEX CS-W50HD Command Injection Vulnerability

PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. The...

9CVSS9AI score0.0314EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.29 views

Planex Mini-300PU & Mini100s Cross-site Scripting Vulnerability

No description provided by source. GotGeek Labs http://www.gotgeek.com.br/ Planex Mini-300PU & Mini100s Cross-site Scripting Vulnerability + Description Mini-300PU: The PLANEX Mini-300PU is the greatest network printing solution to both USB and Parallel printer ports. It provides 2 USB 2.0 and 1...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2013/12/02 1:16 p.m.10 views

D-Link Patches Backdoor Vulnerabilities in Routers

D-Link has patched a backdoor present in a number of its routers that was publicized almost two months ago and could allow an attacker to remotely access the administrative panel on the hardware, run code and make any number of changes. The Thanksgiving patch parade addressed the issue in a numbe...

0.3AI score
Exploits0References4
NVD
NVD
added 2013/10/19 10:36 a.m.23 views

CVE-2013-6026

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...

10CVSS6.9AI score0.0768EPSS
Exploits4References3
Prion
Prion
added 2013/10/19 10:36 a.m.17 views

Authentication flaw

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...

10CVSS7.5AI score0.0768EPSS
Exploits4References3
CVE
CVE
added 2013/10/19 10:0 a.m.62 views

CVE-2013-6026

CVE-2013-6026 affects D-Link DIR-100/DIR-120/DI-624S/DI-524UP/DI-604S/DI-604UP/DI-604+ and TM-G5240 routers, plus Planex BRL-04R/BRL-04UR/BRL-04CW and likely Alpha Networks devices. The web server can bypass authentication and perform administrative actions when the HTTP User-Agent header contain...

10CVSS7.1AI score0.0768EPSS
Exploits4References3Affected Software8
VulnCheck KEV
VulnCheck KEV
added 2013/10/19 12:0 a.m.4 views

VulnCheck KEV: CVE-2013-6026

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an...

10CVSS5.8AI score0.0768EPSS
Exploits4References1
Positive Technologies
Positive Technologies
added 2013/10/19 12:0 a.m.9 views

PT-2013-5931 · D Link +2 · D-Link Di-604 +8

Name of the Vulnerable Software and Affected Versions: D-Link DIR-100 D-Link DIR-120 D-Link DI-624S D-Link DI-524UP D-Link DI-604S D-Link DI-604UP D-Link DI-604+ D-Link TM-G5240 Planex BRL-04R Planex BRL-04UR Planex BRL-04CW Alpha Networks routers affected versions not specified Description: The...

10CVSS6.7AI score0.0768EPSS
Exploits4References5
Nmap
Nmap
added 2013/10/17 11:41 p.m.326 views

http-dlink-backdoor NSE Script

Detects a firmware backdoor on some D-Link routers by changing the User-Agent to a "secret" value. Using the "secret" User-Agent bypasses authentication and allows admin access to the router. The following router models are likely to be vulnerable: DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S,...

10CVSS9.7AI score0.99448EPSS
Exploits33
CERT
CERT
added 2013/10/17 12:0 a.m.57 views

D-Link routers authenticate administrative access using specific User-Agent string

Overview Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be...

10CVSS7.5AI score0.0768EPSS
Exploits5References5
exploitpack
exploitpack
added 2013/10/14 12:0 a.m.17 views

D-Link PLANEX COMMUNICATIONS - RuntimeDiagnosticPing() Remote Stack Buffer Overflow

D-Link PLANEX COMMUNICATIONS - RuntimeDiagnosticPing Remote Stack Buffer Overflow source: https://www.securityfocus.com/bid/63234/info Multiple Vendors are prone to a stack-based buffer-overflow vulnerability. Exploiting this vulnerability may allow attackers to execute arbitrary code in the...

0.7AI score
Exploits0
Rows per page
Query Builder