CVE-2021-37289

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
planexmzk-dp150n_firmware
1.42
planexmzk-dp150n_firmware
1.43
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.planex.co.jp/products/mzk-dp150n/
https://jvn.jp/en/vu/JVNVU98291763/
https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n
http://www.planex.co.jp/products/mzk-dp150n/
https://jvn.jp/en/vu/JVNVU98291763/
https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n