VYPR
High severity7.2NVD Advisory· Published Oct 11, 2023· Updated Jun 17, 2026

CVE-2023-35194

CVE-2023-35194

Description

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the system call in the file /web/MANGA/cgi-bin/api.cgi for firmware version 6.3.5 at offset 0x4bde44.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Peplink/Surf Soho Hw1llm-fuzzy2 versions
    = 6.3.5+ 1 more
    • (no CPE)range: = 6.3.5
    • (no CPE)range: v6.3.5 (in QEMU)

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.