Peplink Surf Soho Hw1 vulnerabilities
6 known vulnerabilities affecting peplink/surf_soho_hw1.
Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5, MEDIUM 1
Vulnerabilities
CVE-2023-35193 | P2 | HIGH | CVSS 8.8 | CWE-78 | v6.3.5 (in QEMU) | 2023-10-11
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/w
nvd
CVE-2023-35194 | P2 | HIGH | CVSS 8.8 | CWE-78 | v6.3.5 (in QEMU) | 2023-10-11
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the `system` call in the file `/w
nvd
CVE-2023-28381 | P2 | HIGH | CVSS 8.8 | CWE-78 | v6.3.5 (in QEMU) | 2023-10-11
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-27380 | P2 | HIGH | CVSS 8.8 | CWE-78 | v6.3.5 (in QEMU) | 2023-10-11
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-34356 | P2 | HIGH | CVSS 8.8 | CWE-78 | v6.3.5 (in QEMU) | 2023-10-11
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2023-34354 | P4 | MEDIUM | CVSS 5.4 | CWE-80 | v6.3.5 (in QEMU) | 2023-10-11
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary JavaScript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd