Vulnerabilities > CVE-2017-12573 - Unspecified vulnerability in Planex Cs-W50Hd Firmware

CVSS 9.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

planex

critical

NVD

Published: 2018-08-24

Updated: 2019-10-03

Summary

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

Vulnerable Configurations

Part	Description	Count
OS	Planex Planex CS W50Hd Firmware *	1
Hardware	Planex Planex CS W50Hd -	1

References

http://seclists.org/fulldisclosure/2018/Aug/29