Search
Find a vulnerability
Search criteria
8 vulnerabilities found for cs-qr20_firmware by planex
CVE-2024-45836 (GCVE-0-2024-45836)
Vulnerability from nvd – Published: 2024-09-26 04:07 – Updated: 2025-03-25 16:28
VLAI
Summary
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN81966868/ |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| PLANEX COMMUNICATIONS INC. | CS-QR10 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR20 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR22 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR220 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR300 |
Affected:
all firmware versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:37:11.206613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:28:16.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CS-QR10",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR20",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR22",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR220",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR300",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T04:07:37.035Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN81966868/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45836",
"datePublished": "2024-09-26T04:07:37.035Z",
"dateReserved": "2024-09-10T06:57:27.511Z",
"dateUpdated": "2025-03-25T16:28:16.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38399 (GCVE-0-2022-38399)
Vulnerability from nvd – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:54
VLAI
Summary
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection
Severity
No CVSS data available.
CWE
- Missing protection mechanism for alternate hardware interface
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.planex.co.jp/products/cs-qr10/index.shtml | x_refsource_MISC |
| https://www.planex.co.jp/products/cs-qr20/index.shtml | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU90766406/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PLANEX COMMUNICATIONS INC. | SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90766406/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmaCam CS-QR10 and SmaCam Night Vision CS-QR20",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product\u0027s specific serial connection"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing protection mechanism for alternate hardware interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:46.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90766406/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmaCam CS-QR10 and SmaCam Night Vision CS-QR20",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "PLANEX COMMUNICATIONS INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product\u0027s specific serial connection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing protection mechanism for alternate hardware interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.planex.co.jp/products/cs-qr10/index.shtml",
"refsource": "MISC",
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"name": "https://www.planex.co.jp/products/cs-qr20/index.shtml",
"refsource": "MISC",
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"name": "https://jvn.jp/en/vu/JVNVU90766406/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90766406/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38399",
"datePublished": "2022-09-08T07:10:46.000Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:54:03.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12577 (GCVE-0-2017-12577)
Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43
VLAI
Summary
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/28 | mailing-listx_refsource_FULLDISC |
Date Public
2018-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12577",
"datePublished": "2018-08-24T19:00:00.000Z",
"dateReserved": "2017-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12576 (GCVE-0-2017-12576)
Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43
VLAI
Summary
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/27 | mailing-listx_refsource_FULLDISC |
Date Public
2018-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12576",
"datePublished": "2018-08-24T19:00:00.000Z",
"dateReserved": "2017-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-45836 (GCVE-0-2024-45836)
Vulnerability from cvelistv5 – Published: 2024-09-26 04:07 – Updated: 2025-03-25 16:28
VLAI
Summary
Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Cross-site scripting (XSS)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN81966868/ |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| PLANEX COMMUNICATIONS INC. | CS-QR10 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR20 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR22 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR220 |
Affected:
all firmware versions
|
|
| PLANEX COMMUNICATIONS INC. | CS-QR300 |
Affected:
all firmware versions
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45836",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T13:37:11.206613Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-25T16:28:16.689Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CS-QR10",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR20",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR22",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR220",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
},
{
"product": "CS-QR300",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "all firmware versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross-site scripting (XSS)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-26T04:07:37.035Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN81966868/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45836",
"datePublished": "2024-09-26T04:07:37.035Z",
"dateReserved": "2024-09-10T06:57:27.511Z",
"dateUpdated": "2025-03-25T16:28:16.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38399 (GCVE-0-2022-38399)
Vulnerability from cvelistv5 – Published: 2022-09-08 07:10 – Updated: 2024-08-03 10:54
VLAI
Summary
Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection
Severity
No CVSS data available.
CWE
- Missing protection mechanism for alternate hardware interface
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.planex.co.jp/products/cs-qr10/index.shtml | x_refsource_MISC |
| https://www.planex.co.jp/products/cs-qr20/index.shtml | x_refsource_MISC |
| https://jvn.jp/en/vu/JVNVU90766406/index.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| PLANEX COMMUNICATIONS INC. | SmaCam CS-QR10 and SmaCam Night Vision CS-QR20 |
Affected:
All versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU90766406/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SmaCam CS-QR10 and SmaCam Night Vision CS-QR20",
"vendor": "PLANEX COMMUNICATIONS INC.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product\u0027s specific serial connection"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing protection mechanism for alternate hardware interface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-08T07:10:46.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU90766406/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2022-38399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmaCam CS-QR10 and SmaCam Night Vision CS-QR20",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "PLANEX COMMUNICATIONS INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product\u0027s specific serial connection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing protection mechanism for alternate hardware interface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.planex.co.jp/products/cs-qr10/index.shtml",
"refsource": "MISC",
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"name": "https://www.planex.co.jp/products/cs-qr20/index.shtml",
"refsource": "MISC",
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"name": "https://jvn.jp/en/vu/JVNVU90766406/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU90766406/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2022-38399",
"datePublished": "2022-09-08T07:10:46.000Z",
"dateReserved": "2022-08-29T00:00:00.000Z",
"dateUpdated": "2024-08-03T10:54:03.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12576 (GCVE-0-2017-12576)
Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43
VLAI
Summary
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/27 | mailing-listx_refsource_FULLDISC |
Date Public
2018-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/27"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/27"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180821 CVE-2017-12576: an hidden management page in PLANEX CS-QR20",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/27"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12576",
"datePublished": "2018-08-24T19:00:00.000Z",
"dateReserved": "2017-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12577 (GCVE-0-2017-12577)
Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43
VLAI
Summary
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/28 | mailing-listx_refsource_FULLDISC |
Date Public
2018-08-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12577",
"datePublished": "2018-08-24T19:00:00.000Z",
"dateReserved": "2017-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}