CVE-2017-12576

HIGH

Planex Cs-qr20 Firmware - Exposure to Wrong Actor

Title source: rule

Description

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

References (1)

[Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Aug/27

Scores

CVSS v3 7.2

EPSS 0.0051

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-668

Status published

Affected Products (1)

planex/cs-qr20_firmware

Timeline

Published Aug 24, 2018

Tracked Since Feb 18, 2026