Vulnerability Details CVE-2017-12574
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2017-12574
-
cpe:2.3:h:planex:cs-w50hd:-
-
cpe:2.3:o:planex:cs-w50hd_firmware:030608
-
cpe:2.3:o:planex:cs-w50hd_firmware:030715
-
cpe:2.3:o:planex:cs-w50hd_firmware:030718