ГлавнаяУязвимости → CVE-2023-39367
9.1критическая

CVE-2023-39367

Описание

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Затрагиваемое ПО
Peplink Smart reader firmwarePeplink Smart reader
CVSS
Балл9.1 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Источники
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256https://talosintelligence.com/vulnerability_reports/TALOS-2023-1867https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256https://talosintelligence.com/vulnerability_reports/TALOS-2023-1867https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1867