Peplink Smart Reader vulnerabilities
5 known vulnerabilities affecting peplink/smart_reader.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4
Vulnerabilities
Page 1 of 1
CVE-2023-39367P2HIGHCVSS 7.2vv1.2.0 (in QEMU)2024-04-17
CVE-2023-39367 [HIGH] CWE-78 CVE-2023-39367: An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-40146P3CRITICALCVSS 9.8vv1.2.0 (in QEMU)2024-04-17
CVE-2023-40146 [CRITICAL] CWE-77 CVE-2023-40146: A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vuln
nvd
CVE-2023-45744P3HIGHCVSS 8.8vv1.2.0 (in QEMU)2024-04-17
CVE-2023-45744 [HIGH] CWE-284 CVE-2023-45744: A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-43491P3HIGHCVSS 7.5vv1.2.0 (in QEMU)2024-04-17
CVE-2023-43491 [HIGH] CWE-284 CVE-2023-43491: An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi function
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-45209P3HIGHCVSS 7.5vv1.2.0 (in QEMU)2024-04-17
CVE-2023-45209 [HIGH] CWE-284 CVE-2023-45209: An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi fun
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd