GCVE - cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Planex (`5e3975f2-d872-5cc3-afda-5e2c5ec3d4e0`)
Product	Cs Qr20 (`675cbad6-a011-55d7-be37-1d1edbccfc03`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-45836`	not_vulnerable	2026-06-03 14:56:59.091624	Details available Cross-site scripting vulnerability exists in the web management page of PLANEX COMMUNICATIONS network cameras. If a logged-in user accesses a specific file, an arbitrary script may be executed on the web browser of the user. Published: 2024-09-26T04:07:37.035Z Updated: 2025-03-25T16:28:16.689Z Open on db.gcve.eu Reference links https://jvn.jp/en/jp/JVN81966868/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-38399`	not_vulnerable	2026-06-03 14:47:49.652221	Details available Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection Published: 2022-09-08T07:10:46.000Z Updated: 2024-08-03T10:54:03.723Z Open on db.gcve.eu Reference links https://www.planex.co.jp/products/cs-qr10/index.shtml https://www.planex.co.jp/products/cs-qr20/index.shtml https://jvn.jp/en/vu/JVNVU90766406/index.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12577`	not_vulnerable	2026-06-03 14:36:36.177206	Details available An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. Published: 2018-08-24T19:00:00.000Z Updated: 2024-08-05T18:43:56.016Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2018/Aug/28	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-12576`	not_vulnerable	2026-06-03 14:36:36.176770	Details available An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. Published: 2018-08-24T19:00:00.000Z Updated: 2024-08-05T18:43:56.135Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2018/Aug/27	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.