Lucene search

TalosCVELIST:CVE-2023-28381

HistoryOct 11, 2023 - 3:16 p.m.

CVE-2023-28381

2023-10-1115:16:57

CWE-78

talos

www.cve.org

admin.cgi mvpn_trial_init

peplink surf soho hw1

qemu

command execution

http request

authenticated

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "Peplink",
    "product": "Surf SOHO HW1",
    "versions": [
      {
        "version": "v6.3.5 (in QEMU)",
        "status": "affected"
      }
    ]
  }
]

References

talosintelligence.com/vulnerability_reports/TALOS-2023-1779

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.7%

JSON

Related for CVELIST:CVE-2023-28381