An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2018/Aug/29 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-08-24T19:00:00
Updated: 2018-08-24T18:57:01
Reserved: 2017-08-05T00:00:00
Link: CVE-2017-12573
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-08-24T19:29:00.533
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-12573
JSON object: View
Redhat Information
No data.
CWE