Auth bypass in Planex Communications Inc. Cs-qp50f-ing2
CVE-2021-4468
PLANEX CS-QP50F-ING2 smart cameras expose a configuration backup interface over HTTP that does not require authentication. A remote, unauthenticated attacker can directly retrieve a compressed configuration backup file from the device. The…
Vulnerability class: Broken Authentication
EPSS: 0.006 (43.8th percentile) — read the EPSS interpretation.
Affected products
- Planex Communications Inc. Cs-qp50f-ing2 — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (exploit)
- disclosure@vulncheck.com (product)
- disclosure@vulncheck.com (third-party-advisory)