CVE-2017-12573

2018-08-2419:00:00

mitre

www.cve.org

AI Score

8.9

Confidence

High

EPSS

0.001

Percentile

42.3%

JSON

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page “/cgi-bin/nasset.cgi”. An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

References

seclists.org/fulldisclosure/2018/Aug/29