Lucene search
K

24 matches found

NVD
NVD
added 2023/10/11 4:15 p.m.33 views

CVE-2023-34356

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.6AI score0.05513EPSS
Exploits1References2
OSV
OSV
added 2023/10/11 4:15 p.m.4 views

CVE-2023-34356

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

8.8CVSS7.3AI score0.05513EPSS
Exploits1References2
NVD
NVD
added 2023/10/11 4:15 p.m.23 views

CVE-2023-35194

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

8.8CVSS7.7AI score0.05604EPSS
Exploits1References2
OSV
OSV
added 2023/10/11 4:15 p.m.5 views

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

5.4CVSS7.4AI score0.0081EPSS
Exploits1References2
NVD
NVD
added 2023/10/11 4:15 p.m.37 views

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

5.4CVSS4.4AI score0.0081EPSS
Exploits1References2
Prion
Prion
added 2023/10/11 4:15 p.m.19 views

Command injection

An OS command injection vulnerability exists in the admin.cgi MVPNtrialinit functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.5CVSS8.8AI score0.05913EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/11 4:15 p.m.19 views

Command injection

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

6.5CVSS8.8AI score0.05604EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/11 4:15 p.m.25 views

Command injection

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

6.5CVSS8.8AI score0.05604EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/11 4:15 p.m.26 views

Command injection

An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.5CVSS8.8AI score0.05749EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/10/11 4:15 p.m.27 views

Command injection

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

6.5CVSS8.8AI score0.05513EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/10/11 3:16 p.m.41 views

CVE-2023-34356

An OS command injection vulnerability exists in the data.cgi xferdns functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS9AI score0.05513EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/11 3:16 p.m.12 views

CVE-2023-28381

An OS command injection vulnerability exists in the admin.cgi MVPNtrialinit functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS8.8AI score0.05913EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/10/11 3:16 p.m.20 views

CVE-2023-28381

An OS command injection vulnerability exists in the admin.cgi MVPNtrialinit functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS9AI score0.05913EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/11 3:16 p.m.8 views

CVE-2023-27380

An OS command injection vulnerability exists in the admin.cgi USSDsend functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability...

7.2CVSS8.8AI score0.05749EPSS
Exploits1References1
CVE
CVE
added 2023/10/11 3:16 p.m.55 views

CVE-2023-27380

CVE-2023-27380 affects Peplink Surf SOHO HW1, specifically the admin.cgi USSD_send endpoint. A crafted authenticated HTTP POST to the GSM/USSD_send path can reach the vulnerable code and, due to an unchecked ussd_code parameter, construct and execute an OS command via root privileges (mdstatus an...

8.8CVSS8.8AI score0.05749EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/11 3:16 p.m.9 views

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

3.4CVSS5.3AI score0.0081EPSS
Exploits1References1
Cvelist
Cvelist
added 2023/10/11 3:16 p.m.38 views

CVE-2023-34354

A stored cross-site scripting XSS vulnerability exists in the uploadbrand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to...

3.4CVSS5.5AI score0.0081EPSS
Exploits1References1
CVE
CVE
added 2023/10/11 3:16 p.m.49 views

CVE-2023-34354

The TALOS advisory (TALOS-2023-1781) confirms a stored cross-site scripting (XSS) vulnerability in Peplink Surf SOHO HW1 v6.3.5 (QEMU). The issue resides in the upload_brand.cgi handler, where an authenticated user can trigger arbitrary JavaScript execution in another user’s browser via a crafted...

5.4CVSS5.8AI score0.0081EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/11 3:16 p.m.12 views

CVE-2023-35193

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

7.2CVSS8.8AI score0.05604EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/10/11 3:16 p.m.12 views

CVE-2023-35194

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerabilit...

7.2CVSS8.8AI score0.05604EPSS
Exploits1References1
Rows per page
Query Builder