CVE-2021-37289

Name of the Vulnerable Software and Affected Versions Planex MZK-DP150N versions 1.42 through 1.43

Description The issue is related to insecure permissions in the administration interface, allowing attackers to execute system commands as root via the etc ro/web/syscmd.asp file. This can be exploited by a remote attacker to execute arbitrary commands using a specially crafted syscmd.asp file.

Recommendations For Planex MZK-DP150N versions 1.42 and 1.43, consider restricting access to the etc ro/web/syscmd.asp file to prevent exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.