CVE-2017-12573

Опубликовано: 24 авг. 2018

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

Ссылки

http://seclists.org/fulldisclosure/2018/Aug/29
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Aug/29
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:planex:cs-w50hd_firmware:*:*:*:*:*:*:*:*

Версия до 030720 (исключая)

cpe:2.3:h:planex:cs-w50hd:-:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00806

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-j822-qpx5-h59x