CVE-2017-12576

EPSS 0.54%
Veröffentlicht 24.08.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 03:09:47
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Planex ≫ Cs-qr20 Firmware Version1.30

Planex ≫ Cs-qr20 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.54%	0.667

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	9	8	10	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

http://seclists.org/fulldisclosure/2018/Aug/27

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2017-12576

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-12576

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-12576

EUVD