Main Vulnerability Database SB2022082203

SB2022082203 - Hidden functionality in PLANEX MZK-DP150N

Published: August 22, 2022

Security Bulletin ID SB2022082203

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Hidden functionality (CVE-ID: CVE-2021-37289)

The vulnerability allows a remote user to compromise vulnerable system

The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the target system.

Remediation

Install update from vendor's website.

References

https://jvn.jp/en/vu/JVNVU98291763/index.html