CVE-2023-43491

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Configurations

No configuration.

History

21 Nov 2024, 08:24

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240828-0005/ -
References () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 - () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 -
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863 -
Summary
  • (es) Existe una vulnerabilidad de divulgación de información en la funcionalidad de la interfaz web /cgi-bin/debug_dump.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgación de información confidencial. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad.

17 Apr 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1863', 'source': 'talos-cna@cisco.com'}

17 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1863 -

17 Apr 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-17 13:15

Updated : 2024-11-21 08:24


NVD link : CVE-2023-43491

Mitre link : CVE-2023-43491

CVE.ORG link : CVE-2023-43491


JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control