Hidden functionality in MZK-DP150N - CVE-2021-37289
Published: August 22, 2022
Vulnerability identifier: #VU66671
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-37289
CWE-ID: CWE-912
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
MZK-DP150N
MZK-DP150N
Software vendor:
PLANEX COMMUNICATIONS
PLANEX COMMUNICATIONS
Description
The vulnerability allows a remote user to compromise vulnerable system
The vulnerability exists due to hidden functionality (backdoor) is present in software. A remote administrator on the local network can use this functionality to gain full access to the application and execute arbitrary OS commands on the target system.
Remediation
Install updates from vendor's website.