CVE-2017-12576
HIGHPLANEX CS-QR20 1.30 - Authenticated Remote Code Execution via Debug Management Page
Title source: llmDescription
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
References (1)
Core 1
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Aug/27
Scores
CVSS v3
7.2
EPSS
0.0220
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (1)
planex/cs-qr20_firmware
1.30
Published
Aug 24, 2018
Tracked Since
Feb 18, 2026