Vulnerability Details CVE-2017-12577
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2017-12577
-
cpe:2.3:a:planex:smacam_night_vision:-
-
cpe:2.3:h:planex:cs-qr20:-
-
cpe:2.3:o:planex:cs-qr20_firmware:1.30