High severity 7.2 · NVD Advisory · Published Oct 11, 2023 · Updated Jun 17, 2026
CVE-2023-35193
Description
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of Peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerability is specifically for the system call in the file /web/MANGA/cgi-bin/api.cgi for firmware version 6.3.5 at offset 0x4bddb8.
Affected products
- (no CPE) range: =6.3.5
- (no CPE) range: v6.3.5 (in QEMU)
References
- talosintelligence.com/vulnerability_reports/TALOS-2023-1782 (nvd; Exploit, Product, Third Party Advisory)
- www.talosintelligence.com/vulnerability_reports/TALOS-2023-1782 (nvd)