Hidden functionality in PLANEX MZK-DP150N
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-37289 |
| CWE-ID | CWE-912 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
MZK-DP150N Hardware solutions / Other hardware appliances |
| Vendor | PLANEX COMMUNICATIONS |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Hidden functionality
EUVDB-ID: #VU66671
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-37289
CWE-ID:
CWE-912 - Hidden Functionality (Backdoor)
Exploit availability: No
DescriptionThe vulnerability allows a remote user to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMZK-DP150N: 1.43
CPE2.3- cpe:2.3:h:planex_communications:mzk-dp150n:*:*:*:*:*:*:*:*
- cpe:2.3:h:planex_communications:mzk-dp150n:1.43:*:*:*:*:*:*:*
http://jvn.jp/en/vu/JVNVU98291763/index.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
