84 matches found
CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
CVE-2017-12576
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
CVE-2017-12577
CVE-2017-12577 affects PLANEX CS-QR20 (version 1.30). The Android app ships a hardcoded credential (admin:password) that can be used to access a hidden API URL /goform/SystemCommand, enabling an attacker to execute arbitrary commands with root privileges. This is tied to the Web UI component and ...
CVE-2017-12576
CVE-2017-12576 affects PLANEX CS-QR20 (firmware 1.30) via a hidden, undocumented management page (/admin/system_command.asp) that allows an authenticated user to execute arbitrary commands, enabling remote code execution on the device. The issue arises from an admin/debug interface that should no...
CVE-2017-12573
PLANEX CS-W50HD devices with firmware prior to 030720 expose a command-injection vulnerability in the web management UI on the NAS settings page at /cgi-bin/nasset.cgi. An attacker can send a crafted HTTP POST request to execute arbitrary code, with authentication required before the attack. This...
PLANEX CS-QR20 Command Execution
Reserved CVE: CVE-2017-12576 Description A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. Vulnerability Type Insecure Permissions Affected Product Code Base Firmware ver 1.30 Affected Component Web management UI...
PLANEX CS-W50HD Default Username Password Vulnerability
PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...
PLANEX CS-QR20 Arbitrary Code Execution Vulnerability
PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...
PLANEX CS-QR20 Hardcoded Voucher Vulnerability
PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. PLANE...
PLANEX CS-W50HD Command Injection Vulnerability
PLANEX is a Japanese networking brand company brands PCI and PLANEX. We provide products from enterprise customers to home customers e.g., network cards, routers, switches, L3 managed switches, accessories, Bluetooth products, print servers, Apple peripherals, network storage devices, etc.. The...
Planex Mini-300PU & Mini100s Cross-site Scripting Vulnerability
No description provided by source. GotGeek Labs http://www.gotgeek.com.br/ Planex Mini-300PU & Mini100s Cross-site Scripting Vulnerability + Description Mini-300PU: The PLANEX Mini-300PU is the greatest network printing solution to both USB and Parallel printer ports. It provides 2 USB 2.0 and 1...
D-Link Patches Backdoor Vulnerabilities in Routers
D-Link has patched a backdoor present in a number of its routers that was publicized almost two months ago and could allow an attacker to remotely access the administrative panel on the hardware, run code and make any number of changes. The Thanksgiving patch parade addressed the issue in a numbe...
CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...
Authentication flaw
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlsetroodkcableoj28840ybtide...
CVE-2013-6026
CVE-2013-6026 affects D-Link DIR-100/DIR-120/DI-624S/DI-524UP/DI-604S/DI-604UP/DI-604+ and TM-G5240 routers, plus Planex BRL-04R/BRL-04UR/BRL-04CW and likely Alpha Networks devices. The web server can bypass authentication and perform administrative actions when the HTTP User-Agent header contain...
VulnCheck KEV: CVE-2013-6026
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an...
PT-2013-5931 · D Link +2 · D-Link Di-604 +8
Name of the Vulnerable Software and Affected Versions: D-Link DIR-100 D-Link DIR-120 D-Link DI-624S D-Link DI-524UP D-Link DI-604S D-Link DI-604UP D-Link DI-604+ D-Link TM-G5240 Planex BRL-04R Planex BRL-04UR Planex BRL-04CW Alpha Networks routers affected versions not specified Description: The...
http-dlink-backdoor NSE Script
Detects a firmware backdoor on some D-Link routers by changing the User-Agent to a "secret" value. Using the "secret" User-Agent bypasses authentication and allows admin access to the router. The following router models are likely to be vulnerable: DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S,...
D-Link routers authenticate administrative access using specific User-Agent string
Overview Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be...
D-Link PLANEX COMMUNICATIONS - RuntimeDiagnosticPing() Remote Stack Buffer Overflow
D-Link PLANEX COMMUNICATIONS - RuntimeDiagnosticPing Remote Stack Buffer Overflow source: https://www.securityfocus.com/bid/63234/info Multiple Vendors are prone to a stack-based buffer-overflow vulnerability. Exploiting this vulnerability may allow attackers to execute arbitrary code in the...