Command-Injection Vulnerability in PLANEX CS-W50HD NAS Settings Page

Command-Injection Vulnerability in PLANEX CS-W50HD NAS Settings Page

CVE-2017-12573 · HIGH Severity

AV:N/AC:L/AU:S/C:C/I:C/A:C

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

Learn more about our Web App Pen Testing.