CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2023-39367

CVSS 9.1v3.1pub. 2024-04-17upd. 2025-11-04

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Peplink Smart Reader

    HW
    Peplink
    wszystkie wersje
  • Peplink Smart Reader Firmware

    OS
    Peplink
    1.2.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2023-45744HIGH8.3ten sam produkt

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

CVE-2023-40146MEDIUM6.8ten sam produkt

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in...

CVE-2023-43491MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of P...

CVE-2023-45209MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality...

CVE-2017-8835CRITICAL9.8ten sam vendor

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...