An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
References
Configurations
No configuration.
History
21 Nov 2024, 08:26
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 - | |
References | () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1865 - |
17 Apr 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-17 13:15
Updated : 2024-11-21 08:26
NVD link : CVE-2023-45209
Mitre link : CVE-2023-45209
CVE.ORG link : CVE-2023-45209
JSON object : View
Products Affected
No product.
CWE
CWE-284
Improper Access Control