VYPR
Critical severity9.8NVD Advisory· Published Aug 24, 2018· Updated Jun 17, 2026

CVE-2017-12577

CVE-2017-12577

Description

An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.