Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
References
Link | Resource |
---|---|
http://www.planex.co.jp/products/mzk-dp150n/ | Product Vendor Advisory |
https://jvn.jp/en/vu/JVNVU98291763/ | Third Party Advisory |
https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-08-22T14:34:20
Updated: 2022-08-22T14:34:20
Reserved: 2021-07-21T00:00:00
Link: CVE-2021-37289
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-22T15:15:13.253
Modified: 2022-08-23T18:33:01.773
Link: CVE-2021-37289
JSON object: View
Redhat Information
No data.
CWE