31640 matches found
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVE-2023-43491
An information disclosure vulnerability exists in the web interface /cgi-bin/debugdump.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this...
CVE-2023-45209
An information disclosure vulnerability exists in the web interface /cgi-bin/downloadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger...
CVE-2023-45209
CVE-2023-45209 affects Peplink Smart Reader v1.2.0 (QEMU). The Red Hat advisory notes an information-disclosure vulnerability in the web interface at /cgi-bin/download_config.cgi. An unauthenticated HTTP request can disclose sensitive information. The documentation does not provide a remediation ...
CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability...
CVE-2023-45744
CVE-2023-45744 affects Peplink Smart Reader v1.2.0 (QEMU). The web interface feature /cgi-bin/upload_config.cgi is vulnerable: a specially crafted unauthenticated HTTP request can modify configuration, indicating a data integrity issue. Red Hat CVE entries (CVE-2023-45744 and related RH CVEs) con...
CVE-2023-39367
The set of Red Hat CVEs describe multiple issues affecting Peplink Smart Reader v1.2.0 (in QEMU): CVE-2023-39367 is an OS command injection in the web interface mac2name, exploitable by authenticated HTTP requests to execute commands; CVE-2023-40146 is a privilege-escalation via /bin/login that c...
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...
CVE-2023-40146
CVE-2023-40146 is a privilege escalation in Peplink Smart Reader v1.2.0 (QEMU) where a specially crafted argument to /bin/login can trigger a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default BusyBox functionalit...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-39367
An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...
CVE-2023-40146
A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...
Foxit PDF Reader and Editor Elevation of Privilege Vulnerability
Foxit PDF Reader is a Chinese Foxit Foxit company's a PDF reader.Foxit PDF Editor is a Chinese Foxit Foxit company's a PDF editor Foxit PDF Reader and Editor has an elevation of privilege vulnerability that can be exploited by placing a DLL file in the update-service folder to elevate privileges...
Peplink Smart Reader 访问控制错误漏洞
Peplink Smart Reader is a smart reader from Peplink Inc. It is used for employee time and attendance. An access control error vulnerability exists in Peplink Smart Reader v1.2.0, which stems from the presence of an information disclosure vulnerability that could lead to the disclosure of sensitiv...
Peplink Smart Reader 访问控制错误漏洞
Peplink Smart Reader is a smart reader from Peplink Inc. It is used for employee time and attendance. An access control error vulnerability exists in Peplink Smart Reader v1.2.0, which stems from the presence of an information disclosure vulnerability that could lead to the disclosure of sensitiv...
PT-2024-13229 · Peplink · Peplink Smart Reader
Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: An information disclosure vulnerability exists in the web interface functionality of the /cgi-bin/download config.cgi endpoint. A specially crafted HTTP request can lead to a disclosure of...
Peplink Smart Reader 操作系统命令注入漏洞
Peplink Smart Reader is a smart reader from Peplink Inc. It is used for employee time and attendance. An operating system command injection vulnerability exists in Peplink Smart Reader v1.2.0, which stems from the presence of an operating system command injection vulnerability that could lead to...
Peplink Smart Reader 访问控制错误漏洞
Peplink Smart Reader is a smart reader from Peplink Inc. It is used for employee time and attendance. An access control error vulnerability exists in Peplink Smart Reader version v1.2.0, which stems from the presence of a data integrity vulnerability that could lead to configuration modifications...
PT-2024-12857 · Peplink · Peplink Smart Reader
Name of the Vulnerable Software and Affected Versions: Peplink Smart Reader version 1.2.0 Description: A privilege escalation issue exists in the /bin/login functionality. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can...
Peplink Smart Reader web interface /cgi-bin/upload_config.cgi data integrity vulnerability
Talos Vulnerability Report TALOS-2023-1866 Peplink Smart Reader web interface /cgi-bin/uploadconfig.cgi data integrity vulnerability April 17, 2024 CVE Number CVE-2023-45744 SUMMARY A data integrity vulnerability exists in the web interface /cgi-bin/uploadconfig.cgi functionality of Peplink Smart...