Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
References
Link | Resource |
---|---|
http://www.planex.co.jp/products/mzk-dp150n/ | Product Vendor Advisory |
https://jvn.jp/en/vu/JVNVU98291763/ | Third Party Advisory |
https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n | Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
23 Aug 2022, 18:33
Type | Values Removed | Values Added |
---|---|---|
First Time |
Planex
Planex mzk-dp150n Firmware Planex mzk-dp150n |
|
CWE | CWE-276 | |
CPE | cpe:2.3:o:planex:mzk-dp150n_firmware:1.43:*:*:*:*:*:*:* cpe:2.3:h:planex:mzk-dp150n:*:*:*:*:*:*:*:* cpe:2.3:o:planex:mzk-dp150n_firmware:1.42:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
References | (MISC) https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n - Exploit, Third Party Advisory | |
References | (MISC) https://jvn.jp/en/vu/JVNVU98291763/ - Third Party Advisory | |
References | (MISC) http://www.planex.co.jp/products/mzk-dp150n/ - Product, Vendor Advisory |
22 Aug 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-22 15:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-37289
Mitre link : CVE-2021-37289
CVE.ORG link : CVE-2021-37289
JSON object : View
Products Affected
planex
- mzk-dp150n
- mzk-dp150n_firmware
CWE
CWE-276
Incorrect Default Permissions