MEDIUM✓ PATCH🇬🇧 English

CVE-2023-43491

CVSS 5.3v3.1pub. 2024-04-17upd. 2025-11-04

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • Peplink Smart Reader

    HW
    Peplink
    wszystkie wersje
  • Peplink Smart Reader Firmware

    OS
    Peplink
    1.2.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2023-39367CRITICAL9.1PL ✓ten sam produkt

OS command injection w interfejsie web Peplink Smart Reader (mac2name)

CVE-2023-45744HIGH8.3ten sam produkt

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

CVE-2023-40146MEDIUM6.8ten sam produkt

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in...

CVE-2023-45209MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality...

CVE-2017-8835CRITICAL9.8ten sam vendor

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...

CVE-2023-43491 — MEDIUM 5.3 | CVEbaza.pl