CVE Tools

peplink

Networking InfrastructureHKcommercial

25

Cumulative CVEs

4

Monthly snapshots

#48

Peak rank

Top products

smart reader5 smart reader firmware5

Latest CVEs

The 15 most recently published vulnerabilities affecting peplink.

CVE-2023-45209An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to...5.3Apr 17, 2024
CVE-2023-43491An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a di...5.3Apr 17, 2024
CVE-2023-45744A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configurat...8.3Apr 17, 2024
CVE-2023-39367An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command exe...9.1Apr 17, 2024
CVE-2023-40146A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape an...6.8Apr 17, 2024
CVE-2023-49230An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.8.8Dec 28, 2023
CVE-2023-49229An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information abo...4.3Dec 28, 2023
CVE-2023-49228An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execu...6.4Dec 28, 2023
CVE-2023-49226An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary comman...7.2Dec 25, 2023
CVE-2023-34356An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An att...7.2Oct 11, 2023
CVE-2023-28381An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution...7.2Oct 11, 2023
CVE-2023-34354A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of a...3.4Oct 11, 2023
CVE-2023-27380An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An a...7.2Oct 11, 2023
CVE-2023-35194An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command executi...7.2Oct 11, 2023
CVE-2023-35193An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command executi...7.2Oct 11, 2023