Search

Find a vulnerability

Search criteria

    9 vulnerabilities found for MZK-DP300N by PLANEX COMMUNICATIONS INC.

    CVE-2025-62777 (GCVE-0-2025-62777)

    Vulnerability from nvd – Published: 2025-10-28 04:53 – Updated: 2025-10-28 20:03
    VLAI
    Summary
    Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Vendor Product Version
    PLANEX COMMUNICATIONS INC. MZK-DP300N Affected: 1.07 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T20:03:03.733091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T20:03:14.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MZK-DP300N",
              "vendor": "PLANEX COMMUNICATIONS INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T04:53:00.768Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.planex.co.jp/products/mzk-dp300n/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN00021602/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-62777",
        "datePublished": "2025-10-28T04:53:00.768Z",
        "dateReserved": "2025-10-22T09:51:31.094Z",
        "dateUpdated": "2025-10-28T20:03:14.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21603 (GCVE-0-2025-21603)

    Vulnerability from nvd – Published: 2025-01-08 03:30 – Updated: 2025-01-08 14:26
    VLAI
    Summary
    Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    PLANEX COMMUNICATIONS INC. MZK-DP300N Affected: firmware versions 1.05 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-08T14:25:15.598070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-08T14:26:18.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MZK-DP300N",
              "vendor": "PLANEX COMMUNICATIONS INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions 1.05 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user\u0027s web browser when accessing a crafted URL."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-08T03:30:50.390Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.planex.co.jp/support/download/mzk-dp300n/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN57428125/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-21603",
        "datePublished": "2025-01-08T03:30:50.390Z",
        "dateReserved": "2024-12-27T00:21:54.234Z",
        "dateUpdated": "2025-01-08T14:26:18.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45372 (GCVE-0-2024-45372)

    Vulnerability from nvd – Published: 2024-09-26 04:06 – Updated: 2025-03-25 15:58
    VLAI
    Summary
    MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    PLANEX COMMUNICATIONS INC. MZK-DP300N Affected: firmware versions 1.04 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T13:37:59.352659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:58:46.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MZK-DP300N",
              "vendor": "PLANEX COMMUNICATIONS INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions 1.04 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T04:06:47.174Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.planex.co.jp/support/download/mzk-dp300n/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN81966868/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-45372",
        "datePublished": "2024-09-26T04:06:47.174Z",
        "dateReserved": "2024-09-10T06:57:25.565Z",
        "dateUpdated": "2025-03-25T15:58:46.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    JVNDB-2025-000095

    Vulnerability from jvndb - Published: 2025-10-28 14:04 - Updated:2025-10-28 14:04
    Severity
    Summary
    MZK-DP300N uses hard-coded credentials
    Details
    MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains the following vulnerability.
    • Use of hard-coded credentials (CWE-798) - CVE-2025-62777
    Toshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000095.html",
      "dc:date": "2025-10-28T14:04+09:00",
      "dcterms:issued": "2025-10-28T14:04+09:00",
      "dcterms:modified": "2025-10-28T14:04+09:00",
      "description": "MZK-DP300N provided by PLANEX COMMUNICATIONS INC. contains the following vulnerability.\u003cul\u003e\u003cli\u003eUse of hard-coded credentials (CWE-798) - CVE-2025-62777\u003c/li\u003e\u003c/ul\u003e\r\nToshiki Iwasaki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000095.html",
      "sec:cpe": {
        "#text": "cpe:/o:planex:mzk-dp300n",
        "@product": "MZK-DP300N",
        "@vendor": "PLANEX COMMUNICATIONS INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000095",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN00021602/index.html",
          "@id": "JVN#00021602",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-62777",
          "@id": "CVE-2025-62777",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "MZK-DP300N uses hard-coded credentials"
    }

    JVNDB-2025-000001

    Vulnerability from jvndb - Published: 2025-01-08 17:08 - Updated:2025-01-08 17:08
    Severity
    Summary
    PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting
    Details
    MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability (CWE-79). Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000001.html",
      "dc:date": "2025-01-08T17:08+09:00",
      "dcterms:issued": "2025-01-08T17:08+09:00",
      "dcterms:modified": "2025-01-08T17:08+09:00",
      "description": "MZK-DP300N, wireless LAN router provided by PLANEX COMMUNICATIONS INC., contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000001.html",
      "sec:cpe": {
        "#text": "cpe:/o:planex:mzk-dp300n",
        "@product": "MZK-DP300N",
        "@vendor": "PLANEX COMMUNICATIONS INC.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2025-000001",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN57428125/index.html",
          "@id": "JVN#57428125",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2025-21603",
          "@id": "CVE-2025-21603",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting"
    }

    JVNDB-2024-000101

    Vulnerability from jvndb - Published: 2024-09-24 15:26 - Updated:2024-09-24 15:26
    Severity
    Summary
    Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices
    Details
    Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.
    • Cross-site request forgery (CWE-352) - CVE-2024-45372
    • Cross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836
    CVE-2024-45372 Kentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. CVE-2024-45836 Ryota Honda, Akihito Takeuchi, Daichi Uezono, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000101.html",
      "dc:date": "2024-09-24T15:26+09:00",
      "dcterms:issued": "2024-09-24T15:26+09:00",
      "dcterms:modified": "2024-09-24T15:26+09:00",
      "description": "Multiple network devices (network cameras and a router) provided by PLANEX COMMUNICATIONS INC. contain multiple vulnerabilities listed below.\u003cul\u003e\u003cli\u003eCross-site request forgery (CWE-352) - CVE-2024-45372\u003c/li\u003e\u003cli\u003eCross-site scripting vulnerability in the web management page (CWE-79) - CVE-2024-45836\u003c/li\u003e\u003c/ul\u003e\r\nCVE-2024-45372\r\nKentaro Ishii of GMO Cybersecurity by Ierae, Inc. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2024-45836\r\nRyota Honda, Akihito Takeuchi, Daichi Uezono, Junnosuke Kushibiki, Ryu Kuki, Takayuki Sasaki and Katsunari Yoshioka of Yokohama National University reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000101.html",
      "sec:cpe": [
        {
          "#text": "cpe:/o:planex:cs-qr10",
          "@product": "CS-QR10",
          "@vendor": "PLANEX COMMUNICATIONS INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:planex:cs-qr20",
          "@product": "CS-QR20",
          "@vendor": "PLANEX COMMUNICATIONS INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:planex:cs-qr22",
          "@product": "CS-QR22",
          "@vendor": "PLANEX COMMUNICATIONS INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:planex:cs-qr220",
          "@product": "CS-QR220",
          "@vendor": "PLANEX COMMUNICATIONS INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:planex:cs-qr300",
          "@product": "CS-QR300",
          "@vendor": "PLANEX COMMUNICATIONS INC.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:planex:mzk-dp300n",
          "@product": "MZK-DP300N",
          "@vendor": "PLANEX COMMUNICATIONS INC.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "7.1",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000101",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81966868/index.html",
          "@id": "JVN#81966868",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45372",
          "@id": "CVE-2024-45372",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-45836",
          "@id": "CVE-2024-45836",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Multiple vulnerabilities in PLANEX COMMUNICATIONS network devices"
    }

    CVE-2025-62777 (GCVE-0-2025-62777)

    Vulnerability from cvelistv5 – Published: 2025-10-28 04:53 – Updated: 2025-10-28 20:03
    VLAI
    Summary
    Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-798 - Use of hard-coded credentials
    Assigner
    Impacted products
    Vendor Product Version
    PLANEX COMMUNICATIONS INC. MZK-DP300N Affected: 1.07 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-62777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-28T20:03:03.733091Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-28T20:03:14.159Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MZK-DP300N",
              "vendor": "PLANEX COMMUNICATIONS INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.07 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use of Hard-Coded Credentials issue exists in MZK-DP300N version 1.07 and earlier, which may allow an attacker within the local network to log in to the affected device via Telnet and execute arbitrary commands."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "Use of hard-coded credentials",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-28T04:53:00.768Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.planex.co.jp/products/mzk-dp300n/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN00021602/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-62777",
        "datePublished": "2025-10-28T04:53:00.768Z",
        "dateReserved": "2025-10-22T09:51:31.094Z",
        "dateUpdated": "2025-10-28T20:03:14.159Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-21603 (GCVE-0-2025-21603)

    Vulnerability from cvelistv5 – Published: 2025-01-08 03:30 – Updated: 2025-01-08 14:26
    VLAI
    Summary
    Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Cross-site scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    PLANEX COMMUNICATIONS INC. MZK-DP300N Affected: firmware versions 1.05 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 4.8,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "HIGH",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-21603",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-08T14:25:15.598070Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-08T14:26:18.169Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MZK-DP300N",
              "vendor": "PLANEX COMMUNICATIONS INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions 1.05 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user\u0027s web browser when accessing a crafted URL."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en-US",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross-site scripting (XSS)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-01-08T03:30:50.390Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.planex.co.jp/support/download/mzk-dp300n/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN57428125/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2025-21603",
        "datePublished": "2025-01-08T03:30:50.390Z",
        "dateReserved": "2024-12-27T00:21:54.234Z",
        "dateUpdated": "2025-01-08T14:26:18.169Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-45372 (GCVE-0-2024-45372)

    Vulnerability from cvelistv5 – Published: 2024-09-26 04:06 – Updated: 2025-03-25 15:58
    VLAI
    Summary
    MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-site request forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    PLANEX COMMUNICATIONS INC. MZK-DP300N Affected: firmware versions 1.04 and earlier
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-45372",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-26T13:37:59.352659Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-25T15:58:46.344Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "MZK-DP300N",
              "vendor": "PLANEX COMMUNICATIONS INC.",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware versions 1.04 and earlier"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MZK-DP300N firmware versions 1.04 and earlier contains a cross-site request forger vulnerability. Viewing a malicious page while logging in to the web management page of the affected product may lead the user to perform unintended operations such as changing the login password, etc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-site request forgery (CSRF)",
                  "lang": "en-US",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-09-26T04:06:47.174Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "url": "https://www.planex.co.jp/support/download/mzk-dp300n/"
            },
            {
              "url": "https://jvn.jp/en/jp/JVN81966868/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2024-45372",
        "datePublished": "2024-09-26T04:06:47.174Z",
        "dateReserved": "2024-09-10T06:57:25.565Z",
        "dateUpdated": "2025-03-25T15:58:46.344Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }