CVE-2023-45209

An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Configurations

No configuration.

History

21 Nov 2024, 08:26

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de divulgación de información en la funcionalidad de la interfaz web /cgi-bin/download_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgación de información confidencial. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad.
References () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 - () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 -
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1865 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1865 -

17 Apr 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1865', 'source': 'talos-cna@cisco.com'}

17 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1865 -

17 Apr 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-17 13:15

Updated : 2024-11-21 08:26


NVD link : CVE-2023-45209

Mitre link : CVE-2023-45209

CVE.ORG link : CVE-2023-45209


JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control