CVE-2017-12576

HIGH Year: 2017
CVSS v3 Score
7.2
High
CVSS v2 Score
9.0
Critical
Weakness Type
CWE-668
View all →

Vulnerability Description

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

Related Vulnerabilities

CVE-2017-16660

HIGH
CVSS:7.2(High)

Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP c...

CWE-6682017

CVE-2021-34539

HIGH
CVSS:7.2(High)

An issue was discovered in CubeCoders AMP before 2.1.1.8. A lack of validation of the Java Version setting means that an unintended executable path can be set. The result is that high-privileged users...

CWE-6682021

CVE-2023-39171

HIGH
CVSS:7.2(High)

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials.

CWE-6682023

CVE-2024-24985

HIGH
CVSS:7.2(High)

Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access.

CWE-6682024

CVE-2021-41065

HIGH
CVSS:7.3(High)

An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listar...

CWE-6682021

CVE-2022-0815

HIGH
CVSS:7.3(High)

Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details a...

CWE-6682022