RSS   Vulnerabilities for 'Cs-qr20 firmware'   RSS

2018-08-24
 
CVE-2017-12577

CWE-798
 

 
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.

 
 
CVE-2017-12576

CWE-264
 

 
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

 

 >>> Vendor: Planex 5 Products
Brl-04cw
Brl-04r
Brl-04ur
Smacam night vision
Cs-qr20 firmware


Copyright 2019, cxsecurity.com

 

Back to Top