CVE-2023-45209
Published 2024-04-17
Priority: P3 · 44 · high · CVSS 3.1: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.38% (68.7th percentile)
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| peplink | smart_reader | — | — |
| peplink | smart_reader_firmware | — | — |
No detection rules found.
No public exploits indexed.
Talos
Vulnerabilities in employee management system could lead to remote code execution, login credential theft
blogs_talos · 2024-05-01 · CVSS 5.3 · [MEDIUM]
Cisco Talos’ Vulnerability Research team has disclosed more than a dozen vulnerabilities over the past three weeks, five in a device that allows employees to check in and out of their shifts, and another that exists in an open-source library used in medical device imaging files.
The Peplink Smart Reader contains several vulnerabilities, including one issue that could allow an adversary to obtain the administrator’s login credentials and the MD5-hashed version of their password.
Talos also recently helped to responsibly disclose and patch other vulnerabilities in the Foxit PDF Reader and two open-source libraries that support the processing and handling of DICOM files.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.o
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1865
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1865