CVE-2023-40146

2024-04-1713:15:07

CWE-77

[email protected]

web.nvd.nist.gov

privilege escalation

peplink smart reader

authentication bypass

limited-shell escape

elevated capabilities

default busybox functionality

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

21.7%

JSON

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.

Affected configurations

Vulners

Node

peplinkmbxRange≤v1.2.0 (in QEMU)

VendorProductVersionCPE
peplinkmbx*cpe:2.3:h:peplink:mbx:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
peplink	mbx	*	cpe:2.3:h:peplink:mbx::::::::

CNA Affected

[
  {
    "vendor": "Peplink",
    "product": "Smart Reader",
    "versions": [
      {
        "version": "v1.2.0 (in QEMU)",
        "status": "affected"
      }
    ]
  }
]

References

forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256

talosintelligence.com/vulnerability_reports/TALOS-2023-1868