HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-45744

CVSS 8.3v3.1pub. 2024-04-17upd. 2025-11-04

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H
  • Peplink Smart Reader

    HW
    Peplink
    wszystkie wersje
  • Peplink Smart Reader Firmware

    OS
    Peplink
    1.2.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2023-39367CRITICAL9.1PL ✓ten sam produkt

OS command injection w interfejsie web Peplink Smart Reader (mac2name)

CVE-2023-40146MEDIUM6.8ten sam produkt

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in...

CVE-2023-43491MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of P...

CVE-2023-45209MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality...

CVE-2017-8835CRITICAL9.8ten sam vendor

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...