CVE-2023-40146
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.
Existe una vulnerabilidad de escalada de privilegios en la funcionalidad /bin/login de Peplink Smart Reader v1.2.0 (en QEMU). Un argumento de lĂnea de comando especialmente manipulado puede conducir a un escape de shell limitado y capacidades elevadas. Un atacante puede autenticarse con credenciales codificadas y ejecutar la funcionalidad de Busybox predeterminada desbloqueada para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-11-22 CVE Reserved
- 2024-04-17 CVE Published
- 2024-08-22 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CAPEC
References (2)
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Peplink Search vendor "Peplink" | Smart Reader Search vendor "Peplink" for product "Smart Reader" | * | - |
Affected
| ||||||