Smart Reader
Sign in to watchby Peplink
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-43491 | 0.00 | — | 0.01 | Apr 17, 2024 | An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||
| CVE-2023-45209 | 0.00 | — | 0.00 | Apr 17, 2024 | An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||
| CVE-2023-45744 | 0.00 | — | 0.01 | Apr 17, 2024 | A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||
| CVE-2023-39367 | 0.00 | — | 0.03 | Apr 17, 2024 | An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||
| CVE-2023-40146 | 0.00 | — | 0.01 | Apr 17, 2024 | A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. |