#VU66941 Exposure of Resource to Wrong Sphere in CS-QR20 - CVE-2017-12576


Vulnerability identifier: #VU66941

Vulnerability risk: Low

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12576

CWE-ID: CWE-668

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
CS-QR20
Hardware solutions / Security hardware applicances

Vendor: PLANEX COMMUNICATIONS

Description

The vulnerability allows a remote user to compromise the system.

The vulnerability exists due to a hidden and undocumented management page. A remote administrator can execute arbitrary code on the target device.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

CS-QR20: 1.30

External links
https://seclists.org/fulldisclosure/2018/Aug/27

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in PLANEX Network camera products
Remote code execution in PLANEX COMMUNICATIONS CS-QR20