An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page /cgi-bin/nasset.cgi. An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Cs-w50hd_firmware | Planex | * | 030720 (excluding) |