CVE-2017-12576
Summary
| CVE | CVE-2017-12576 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-08-24 19:29:00 UTC |
| Updated | 2019-10-03 00:03:00 UTC |
| Description | An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. |
Risk And Classification
Problem Types: CWE-668
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Planex | Cs-qr20 | - | All | All | All |
| Hardware | Planex | Cs-qr20 | - | All | All | All |
| Operating System | Planex | Cs-qr20 Firmware | 1.30 | All | All | All |
| Operating System | Planex | Cs-qr20 Firmware | 1.30 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: CVE-2017-12576: an hidden management page in PLANEX CS-QR20 | FULLDISC | seclists.org | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.