CVE-2017-12577

Опубликовано: 24 авг. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.

Ссылки

http://seclists.org/fulldisclosure/2018/Aug/28
Mailing List
Third Party Advisory
http://seclists.org/fulldisclosure/2018/Aug/28
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:planex:cs-qr20_firmware:1.30:*:*:*:*:*:*:*

cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:planex:smacam_night_vision:-:*:*:*:*:android:*:*

EPSS

Процентиль: 60%

0.00393

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-wwcm-7c7v-g9q6