Vulnerabilities in Peplink

11 results

CVE-2023-39367CRITICALAn OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specialEPSS 37.7%CVE-2023-28381HIGHAn OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A speEPSS 5.9%CVE-2023-27380HIGHAn OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A speciallyEPSS 5.7%CVE-2023-35193HIGHAn OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A sEPSS 5.6%CVE-2023-35194HIGHAn OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A sEPSS 5.6%CVE-2023-34356HIGHAn OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially cEPSS 5.5%CVE-2023-43491MEDIUMAn information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (inEPSS 1.5%CVE-2023-40146MEDIUMA privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted coEPSS 1.4%CVE-2023-45209MEDIUMAn information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.EPSS 1.4%CVE-2023-45744HIGHA data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU)EPSS 1.3%CVE-2023-34354LOWA stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A EPSS 0.8%