CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-43491
https://notcve.org/view.php?id=CVE-2023-43491
17 Apr 2024 — An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información en la funcionalidad de la interfaz web /cgi-bin/debug_dump.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente ma... • https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 • CWE-284: Improper Access Control •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45209
https://notcve.org/view.php?id=CVE-2023-45209
17 Apr 2024 — An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de divulgación de información en la funcionalidad de la interfaz web /cgi-bin/download_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especi... • https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 • CWE-284: Improper Access Control •
CVSS: 9.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45744
https://notcve.org/view.php?id=CVE-2023-45744
17 Apr 2024 — A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de integridad de datos en la funcionalidad de la interfaz web /cgi-bin/upload_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede provoc... • https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 • CWE-284: Improper Access Control •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39367
https://notcve.org/view.php?id=CVE-2023-39367
17 Apr 2024 — An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Existe una vulnerabilidad de inyección de comandos del sistema operativo en la funcionalidad mac2name de la interfaz web de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede provocar la ... • https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40146
https://notcve.org/view.php?id=CVE-2023-40146
17 Apr 2024 — A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. Existe una vulnerabilidad de escalada de privilegios en la funcionalidad /bin/login de Peplink Smart Reader v1.2.0 (en QEMU). Un argumento de línea de... • https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •