Vulnerabilities > CVE-2017-12576 - Exposure of Resource to Wrong Sphere vulnerability in Planex Cs-Qr20 Firmware 1.30

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

planex

CWE-668

NVD

Published: 2018-08-24

Updated: 2019-10-03

Summary

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

Vulnerable Configurations

Part	Description	Count
OS	Planex Planex CS Qr20 Firmware 1.30	1
Hardware	Planex Planex CS Qr20 -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

Packetstorm

data source	https://packetstormsecurity.com/files/download/149062/planex-exec.txt
id	PACKETSTORM:149062
last seen	2018-08-25
published	2018-08-23
reporter	Kenney Lu
source	https://packetstormsecurity.com/files/149062/PLANEX-CS-QR20-Command-Execution.html
title	PLANEX CS-QR20 Command Execution

References

http://seclists.org/fulldisclosure/2018/Aug/27