Vulnerability Description
Insecure permissions in the administration interface of Planex MZK-DP150N 1.42 and 1.43 allow attackers to execute system commands as root via etc_ro/web/syscmd.asp.
CVSS Score
7.2 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Planex | MZK-DP150N Firmware | 1.42 |
| Planex | MZK-DP150N | All versions |
Related Weaknesses (CWE)
References
- http://www.planex.co.jp/products/mzk-dp150n/ (Product, Vendor Advisory)
- https://jvn.jp/en/vu/JVNVU98291763/ (Third Party Advisory)
- https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp1 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-37289?
CVE-2021-37289 is a vulnerability with a CVSS score of 7.2 (HIGH). Insecure permissions in the administration interface of Planex MZK-DP150N 1.42 and 1.43 allow attackers to execute system commands as root via etc_ro/web/syscmd.asp.
How severe is CVE-2021-37289?
CVE-2021-37289 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-37289?
Check the references section above for vendor advisories and patch information. Affected products include: Planex MZK-DP150N Firmware, Planex MZK-DP150N.