Vulnerability Details CVE-2017-12573
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 72.0%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.0
References
Products affected by CVE-2017-12573
-
cpe:2.3:h:planex:cs-w50hd:-
-
cpe:2.3:o:planex:cs-w50hd_firmware:030608
-
cpe:2.3:o:planex:cs-w50hd_firmware:030715
-
cpe:2.3:o:planex:cs-w50hd_firmware:030718