Details of VAR-201808-0123

ID

VAR-201808-0123

CVE

CVE-2017-12573

TITLE

PLANEX CS-W50HD Command injection vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2017-014284

DESCRIPTION

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. PLANEX CS-W50HD A command injection vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). # Status Fixed in firmware ver 030720 <table class="TM_EMAIL_NOTICE"><tr><td><pre> TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. </pre></td></tr></table>

Trust: 2.25

sources: NVD: CVE-2017-12573 // JVNDB: JVNDB-2017-014284 // CNVD: CNVD-2018-15842 // PACKETSTORM: 149055

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-15842

AFFECTED PRODUCTS

vendor:	planex	model:	cs-w50hd	scope:	lt	version:	030720	Trust: 1.8
vendor:	planex	model:	cs-w50hd	scope:	eq	version:	030608	Trust: 0.6

sources: CNVD: CNVD-2018-15842 // JVNDB: JVNDB-2017-014284 // NVD: CVE-2017-12573

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-12573
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-12573
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-15842
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201708-177
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2017-12573
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-15842
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2017-12573
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-15842 // JVNDB: JVNDB-2017-014284 // CNNVD: CNNVD-201708-177 // NVD: CVE-2017-12573

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-77	Trust: 0.8

sources: JVNDB: JVNDB-2017-014284 // NVD: CVE-2017-12573

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-177

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-177

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-014284

PATCH

title:	CS-W50HD	url:	https://www.planex.co.jp/support/download/cs-w50hd/	Trust: 0.8
title:	PLANEXCS-W50HD command injection vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/138181	Trust: 0.6
title:	PLANEX CS-W50HD Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99964	Trust: 0.6

sources: CNVD: CNVD-2018-15842 // JVNDB: JVNDB-2017-014284 // CNNVD: CNNVD-201708-177

EXTERNAL IDS

db:	NVD	id:	CVE-2017-12573	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-014284	Trust: 0.8
db:	CNVD	id:	CNVD-2018-15842	Trust: 0.6
db:	CNNVD	id:	CNNVD-201708-177	Trust: 0.6
db:	PACKETSTORM	id:	149055	Trust: 0.1

sources: CNVD: CNVD-2018-15842 // JVNDB: JVNDB-2017-014284 // PACKETSTORM: 149055 // CNNVD: CNNVD-201708-177 // NVD: CVE-2017-12573

REFERENCES

url:	http://seclists.org/fulldisclosure/2018/aug/29	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12573	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12573	Trust: 0.8

sources: CNVD: CNVD-2018-15842 // JVNDB: JVNDB-2017-014284 // PACKETSTORM: 149055 // CNNVD: CNNVD-201708-177 // NVD: CVE-2017-12573

CREDITS

Kenney Lu

Trust: 0.1

sources: PACKETSTORM: 149055

SOURCES

db:	CNVD	id:	CNVD-2018-15842
db:	JVNDB	id:	JVNDB-2017-014284
db:	PACKETSTORM	id:	149055
db:	CNNVD	id:	CNNVD-201708-177
db:	NVD	id:	CVE-2017-12573

LAST UPDATE DATE

2024-11-23T22:34:08.952000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-15842	date:	2018-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-014284	date:	2018-12-20T00:00:00
db:	CNNVD	id:	CNNVD-201708-177	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-12573	date:	2024-11-21T03:09:46.727

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-15842	date:	2018-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-014284	date:	2018-12-20T00:00:00
db:	PACKETSTORM	id:	149055	date:	2018-08-23T17:38:31
db:	CNNVD	id:	CNNVD-201708-177	date:	2017-08-07T00:00:00
db:	NVD	id:	CVE-2017-12573	date:	2018-08-24T19:29:00.533