3 matches found
CVE-2023-35194
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...
CVE-2023-35194
The Talos advisory details a concrete OS command injection in Peplink Surf SOHO HW1 v6.3.5 (QEMU) via the api.cgi endpoint, func=cmd.mvpn.x509.write. The vulnerable function xml_submit_x509_overwrite_mvpn_self builds shell commands using attacker-controlled cert and key parameters without proper ...
peplink Surf SOHO HW1 api.cgi cmd.mvpn.x509.write OS command injection vulnerability
Talos Vulnerability Report TALOS-2023-1782 peplink Surf SOHO HW1 api.cgi cmd.mvpn.x509.write OS command injection vulnerability October 11, 2023 CVE Number CVE-2023-35194,CVE-2023-35193 SUMMARY An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplin...