CVE-2017-12573
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/08/2018
Last modified:
03/10/2019
Description
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:planex:cs-w50hd_firmware:*:*:*:*:*:*:*:* | 030720 (excluding) | |
cpe:2.3:h:planex:cs-w50hd:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page