CVE-2017-12573

Name of the Vulnerable Software and Affected Versions: PLANEX CS-W50HD devices with firmware before 030720

Description: A command-injection issue exists in the web management UI on the NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code, but authentication is required before executing the attack.

Recommendations: For PLANEX CS-W50HD devices with firmware before 030720, update the firmware to version 030720 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/cgi-bin/nasset.cgi" endpoint to minimize the risk of exploitation.