Command-Injection Vulnerability in PLANEX CS-W50HD NAS Settings Page
CVE-2017-12573 · HIGH Severity
AV:N/AC:L/AU:S/C:C/I:C/A:C
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
Learn more about our Web App Pen Testing.