Vulnerabilities (CVE)

Filtered by vendor Planex Subscribe
Total 12 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-12577 1 Planex 3 Cs-qr20, Cs-qr20 Firmware, Smacam Night Vision 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
CVE-2017-12576 1 Planex 2 Cs-qr20, Cs-qr20 Firmware 2024-11-21 9.0 HIGH 7.2 HIGH
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
CVE-2017-12574 1 Planex 2 Cs-w50hd, Cs-w50hd Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
CVE-2017-12573 1 Planex 2 Cs-w50hd, Cs-w50hd Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
CVE-2013-6026 3 Alphanetworks, Dlink, Planex 13 Vdsl Asl-55052, Vdsl Asl-56552, Di-524up and 10 more 2024-11-21 10.0 HIGH N/A
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
CVE-2024-45836 1 Planex 10 Cs-qr10, Cs-qr10 Firmware, Cs-qr20 and 7 more 2024-10-03 N/A 6.1 MEDIUM
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.
CVE-2024-45372 1 Planex 2 Mzk-dp300n, Mzk-dp300n Firmware 2024-10-03 N/A 6.5 MEDIUM
MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
CVE-2023-22376 1 Planex 2 Cs-wmv02g, Cs-wmv02g Firmware 2024-08-02 N/A 6.1 MEDIUM
Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.
CVE-2023-22375 1 Planex 2 Cs-wmv02g, Cs-wmv02g Firmware 2024-08-02 N/A 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.
CVE-2023-22370 1 Planex 1 Cs-wmv02g 2024-08-02 N/A 5.2 MEDIUM
Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.
CVE-2021-37289 1 Planex 2 Mzk-dp150n, Mzk-dp150n Firmware 2024-02-28 N/A 7.2 HIGH
Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
CVE-2022-38399 1 Planex 4 Cs-qr10, Cs-qr10 Firmware, Cs-qr20 and 1 more 2024-02-28 N/A 6.8 MEDIUM
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection