84 matches found
CVE-2021-37289
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...
CVE-2021-37289
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...
Command injection
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...
CVE-2021-37289
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...
CVE-2021-37289
Planex MZK-DP150N firmware versions 1.42/1.43 expose insecure permissions in the administration interface, allowing a remote attacker to execute system commands as root via etc_ro/web/syscmd.asp. The issue stems from a privileged path exposure in the config UI, with a potential impact of arbitrar...
PLANEX Chibi Fai 3 安全漏洞
The PLANEX Chibi Fai 3 is a travel wireless LAN router that plugs directly into an outlet from PLANEX Japan. A security vulnerability exists in PLANEX Chibi Fai 3 versions 1.42 and 1.43, which originates from an insecure privilege in the management interface that allows an attacker to execute...
PT-2022-4991 · Planex · Planex Mzk-Dp150N
Name of the Vulnerable Software and Affected Versions: Planex MZK-DP150N versions 1.42 through 1.43 Description: The issue is related to insecure permissions in the administration interface, allowing attackers to execute system commands as root via the etc ro/web/syscmd.asp file. This can be...
PLANEX CS-QP50F-ING2 Remote Configuration Disclosure Vulnerability
PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit. !/usr/bin/perl PLANEX CS-QP50F-ING2 Security Surveillance Smart Camera Remote Configuration Disclosure - Mass Exploiter Copyright 2021 c Todor Donev https://donev.eu/ Disclaimer: This or previous...
PLANEX CS-W50HD Hardcoded Credentials Vulnerability (HTTP)
PLANEX CS-W50HD network camera are using hardcoded credentials for the HTTP login. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
CVE-2017-12574
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...
Hardcoded credentials
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...
CVE-2017-12573
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...
CVE-2017-12576
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
Command injection
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...
CVE-2017-12573
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...
Hardcoded credentials
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...
CVE-2017-12576
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...
CVE-2017-12573
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...
CVE-2017-12574
CVE-2017-12574 affects PLANEX CS-W50HD devices running firmware before 030720. A hardcoded credential, "supervisor:dangerous", was injected into the web authentication database at boot (/.htpasswd), granting attackers full unauthorised control; the account cannot be modified or deleted. Multiple ...