Lucene search
K

84 matches found

NVD
NVD
added 2022/08/22 3:15 p.m.23 views

CVE-2021-37289

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...

7.2CVSS0.01398EPSS
Exploits1References3
OSV
OSV
added 2022/08/22 3:15 p.m.2 views

CVE-2021-37289

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...

7.2CVSS5.9AI score0.01398EPSS
Exploits1References3
Prion
Prion
added 2022/08/22 3:15 p.m.18 views

Command injection

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...

5.8CVSS7.2AI score0.01398EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:34 p.m.25 views

CVE-2021-37289

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etcro/web/syscmd.asp...

7.4AI score0.01398EPSS
Exploits1References3
CVE
CVE
added 2022/08/22 2:34 p.m.64 views

CVE-2021-37289

Planex MZK-DP150N firmware versions 1.42/1.43 expose insecure permissions in the administration interface, allowing a remote attacker to execute system commands as root via etc_ro/web/syscmd.asp. The issue stems from a privileged path exposure in the config UI, with a potential impact of arbitrar...

7.2CVSS7.2AI score0.01398EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2022/08/22 12:0 a.m.5 views

PLANEX Chibi Fai 3 安全漏洞

The PLANEX Chibi Fai 3 is a travel wireless LAN router that plugs directly into an outlet from PLANEX Japan. A security vulnerability exists in PLANEX Chibi Fai 3 versions 1.42 and 1.43, which originates from an insecure privilege in the management interface that allows an attacker to execute...

7.2CVSS7AI score0.01398EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.7 views

PT-2022-4991 · Planex · Planex Mzk-Dp150N

Name of the Vulnerable Software and Affected Versions: Planex MZK-DP150N versions 1.42 through 1.43 Description: The issue is related to insecure permissions in the administration interface, allowing attackers to execute system commands as root via the etc ro/web/syscmd.asp file. This can be...

9CVSS7.2AI score0.01398EPSS
Exploits1References6
0day.today
0day.today
added 2021/01/05 12:0 a.m.46 views

PLANEX CS-QP50F-ING2 Remote Configuration Disclosure Vulnerability

PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit. !/usr/bin/perl PLANEX CS-QP50F-ING2 Security Surveillance Smart Camera Remote Configuration Disclosure - Mass Exploiter Copyright 2021 c Todor Donev https://donev.eu/ Disclaimer: This or previous...

7.5AI score
Exploits0
OpenVAS
OpenVAS
added 2018/09/03 12:0 a.m.39 views

PLANEX CS-W50HD Hardcoded Credentials Vulnerability (HTTP)

PLANEX CS-W50HD network camera are using hardcoded credentials for the HTTP login. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

10CVSS9.7AI score0.01795EPSS
Exploits1References1
OSV
OSV
added 2018/08/24 7:29 p.m.3 views

CVE-2017-12577

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...

9.8CVSS5.9AI score
Exploits0References1
NVD
NVD
added 2018/08/24 7:29 p.m.19 views

CVE-2017-12574

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

10CVSS9.8AI score0.01795EPSS
Exploits1References1
Prion
Prion
added 2018/08/24 7:29 p.m.14 views

Hardcoded credentials

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password "admin:password" is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission...

10CVSS9.2AI score0.01455EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/24 7:29 p.m.19 views

CVE-2017-12573

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...

9CVSS8.9AI score0.0314EPSS
Exploits0References1
OSV
OSV
added 2018/08/24 7:29 p.m.5 views

CVE-2017-12576

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...

7.2CVSS6.1AI score0.02198EPSS
Exploits1References1
Prion
Prion
added 2018/08/24 7:29 p.m.13 views

Command injection

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...

9CVSS8.8AI score0.0314EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/08/24 7:29 p.m.4 views

CVE-2017-12573

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...

8.8CVSS6.1AI score0.0314EPSS
Exploits0References1
Prion
Prion
added 2018/08/24 7:29 p.m.14 views

Hardcoded credentials

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; th...

10CVSS9.6AI score0.01795EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2018/08/24 7:29 p.m.23 views

CVE-2017-12576

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly...

9CVSS7.4AI score0.02198EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/08/24 7:0 p.m.24 views

CVE-2017-12573

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is...

8.9AI score0.0314EPSS
Exploits0References1
CVE
CVE
added 2018/08/24 7:0 p.m.63 views

CVE-2017-12574

CVE-2017-12574 affects PLANEX CS-W50HD devices running firmware before 030720. A hardcoded credential, "supervisor:dangerous", was injected into the web authentication database at boot (/.htpasswd), granting attackers full unauthorised control; the account cannot be modified or deleted. Multiple ...

10CVSS9.7AI score0.01795EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder