Planex: >> Cs-W50hd Firmware Security Vulnerabilities
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-08-24
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-08-24