planex CVE Vulnerabilities & Metrics

Focus on planex vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About planex Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with planex. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total planex CVEs: 10
Earliest CVE date: 19 Oct 2013, 10:36 UTC
Latest CVE date: 26 Sep 2024, 05:15 UTC

Latest CVE reference: CVE-2024-45836

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical planex CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.36

Max CVSS: 10.0

Critical CVEs (≥9): 5

CVSS Range vs. Count

Range	Count
0.0-3.9	6
4.0-6.9	0
7.0-8.9	0
9.0-10.0	5

CVSS Distribution Chart

Top 5 Highest CVSS planex CVEs

These are the five CVEs with the highest CVSS scores for planex, sorted by severity first and recency.

CVE-2017-12577 planex Published on 24 Aug 2018, 19:29 UTC (CVSS: 10.0)
An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.
CVE-2017-12574 planex Published on 24 Aug 2018, 19:29 UTC (CVSS: 10.0)
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.
CVE-2013-6026 planex Published on 19 Oct 2013, 10:36 UTC (CVSS: 10.0)
The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.
CVE-2017-12576 planex Published on 24 Aug 2018, 19:29 UTC (CVSS: 9.0)
An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.
CVE-2017-12573 planex Published on 24 Aug 2018, 19:29 UTC (CVSS: 9.0)
An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

All CVEs for planex

CVE-2024-45836 planex vulnerability CVSS: 0 26 Sep 2024, 05:15 UTC

Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user.

CVE-2023-22376 planex vulnerability CVSS: 0 14 Feb 2023, 03:15 UTC

Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.

CVE-2023-22375 planex vulnerability CVSS: 0 14 Feb 2023, 03:15 UTC

Cross-site request forgery (CSRF) vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to hijack the authentication and conduct arbitrary operations by having a logged-in user to view a malicious page. NOTE: This vulnerability only affects products that are no longer supported by the developer.

CVE-2023-22370 planex vulnerability CVSS: 0 14 Feb 2023, 03:15 UTC

Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. NOTE: This vulnerability only affects products that are no longer supported by the developer.

CVE-2022-38399 planex vulnerability CVSS: 0 08 Sep 2022, 08:15 UTC

Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection

CVE-2021-37289 planex vulnerability CVSS: 0 22 Aug 2022, 15:15 UTC

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.

CVE-2017-12577 planex vulnerability CVSS: 10.0 24 Aug 2018, 19:29 UTC

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.

CVE-2017-12576 planex vulnerability CVSS: 9.0 24 Aug 2018, 19:29 UTC

An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command.

CVE-2017-12574 planex vulnerability CVSS: 10.0 24 Aug 2018, 19:29 UTC

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted.

CVE-2017-12573 planex vulnerability CVSS: 9.0 24 Aug 2018, 19:29 UTC

An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack.

CVE-2013-6026 planex vulnerability CVSS: 10.0 19 Oct 2013, 10:36 UTC

The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013.