Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-45744 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-08-21 | N/A | 8.3 HIGH |
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-45209 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-08-21 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-43491 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-08-21 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-40146 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-08-21 | N/A | 6.8 MEDIUM |
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability. | |||||
CVE-2023-39367 | 1 Peplink | 2 Smart Reader, Smart Reader Firmware | 2025-08-21 | N/A | 9.1 CRITICAL |
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. |