CVE-2023-34354
Published 2023-10-11
Priority: P4 · 26 · medium · 5.4 · CVSS 3.1
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.81% (52.3th percentile)
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| peplink | surf_soho_firmware | — | — |
| peplink | surf_soho_hw1 | — | — |
No detection rules found.
No public exploits indexed.
Talos
9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution
blogs_talos·2023-10-25·CVSS 7.5
[HIGH] 9 vulnerabilities found in VPN software, including 1 critical issue that could lead to remote code execution
Cisco Talos has disclosed 17 vulnerabilities over the past two weeks, including nine that exist in a popular VPN software.
Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.
Talos’ Vulnerability Research team also found a cross-site scripting (XSS) vulnerability in the Peplink Surf series of home and wireless routers that could allow an attacker to manipulate HTML elements into executing arbitrary JavaScript. However, this vulnerability is not considered to be particularly serious, with a CVSS severity score of only 3.4 out of 10.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets