CVE-2021-37289 Information

Description

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.

Reference

https://jvn.jp/en/vu/JVNVU98291763/ http://www.planex.co.jp/products/mzk-dp150n/ https://samy.link/blog/a-hidden-web-shell-in-the-plug-in-wireless-planex-mzk-dp150n