JVNDB-2022-002338

Vulnerability from jvndb - Published: 2022-08-23 15:02 - Updated:2024-06-14 14:06
Severity ?
6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
PLANEX MZK-DP150N contains hidden administrative functionality
Details
MZK-DP150N provided by PLANEX COMMUNICATIONS INC. contains a hidden administrative screen (CVE-2021-37289, CWE-912). In the initial settings of the product, the login account for the configuration screen is common to all products. Please change the account information from the initial settings before using it. Thomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002338.html",
  "dc:date": "2024-06-14T14:06+09:00",
  "dcterms:issued": "2022-08-23T15:02+09:00",
  "dcterms:modified": "2024-06-14T14:06+09:00",
  "description": "MZK-DP150N provided by PLANEX COMMUNICATIONS INC. contains a hidden administrative screen (CVE-2021-37289, CWE-912).\r\n\r\nIn the initial settings of the product, the login account for the configuration screen is common to all products.\r\nPlease change the account information from the initial settings before using it.\r\n\r\nThomas J. Knudsen and Samy Younsi of Necrum Security Labs reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002338.html",
  "sec:cpe": {
    "#text": "cpe:/o:planex:mzk-dp150n_firmware",
    "@product": "MZK-DP150N firmware",
    "@vendor": "PLANEX COMMUNICATIONS INC.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "6.8",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002338",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU98291763/index.html",
      "@id": "JVNVU#98291763",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2021-37289",
      "@id": "CVE-2021-37289",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-37289",
      "@id": "CVE-2021-37289",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/912.html",
      "@id": "CWE-912",
      "@title": "Hidden Functionality(CWE-912)"
    }
  ],
  "title": "PLANEX MZK-DP150N contains hidden administrative functionality"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.