CVE-2023-39367
published 2024-04-17CVE-2023-39367: An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP…
PriorityP261high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
37.68%
98.3th percentile
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| peplink | smart_reader | — | — |
| peplink | smart_reader_firmware | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
blogs_talos·2024-05-01·CVSS 5.3
[MEDIUM] Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Cisco Talos’ Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files.
The Peplink Smart Reader contains several vulnerabilities, including one issue that could allow an adversary to obtain the administrator’s login credentials and the MD5-hashed version of their password.
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.o
Talos
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
blogs_talos·2024-05-01·CVSS 5.3
[MEDIUM] Vulnerabilities in employee management system could lead to remote code execution, login credential theft
## Vulnerabilities in employee management system could lead to remote code execution, login credential theft
Cisco Talos’ Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files.
The Peplink Smart Reader contains several vulnerabilities, including one issue that could allow an adversary to obtain the administrator’s login credentials and the MD5-hashed version of their password.
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
For Snort
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256https://talosintelligence.com/vulnerability_reports/TALOS-2023-1867https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256https://talosintelligence.com/vulnerability_reports/TALOS-2023-1867https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1867
2024-04-17
Published