CVE-2023-45744

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-45744
A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

8.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256
https://security.netapp.com/advisory/ntap-20240828-0006/
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866
Configurations

No configuration.

History

21 Nov 2024, 08:27

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de integridad de datos en la funcionalidad de la interfaz web /cgi-bin/upload_config.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede provocar una modificación de la configuración. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad.
References
  • () https://security.netapp.com/advisory/ntap-20240828-0006/ -
References () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 - () https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256 -
References () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866 - () https://talosintelligence.com/vulnerability_reports/TALOS-2023-1866 -

17 Apr 2024, 17:15

Type Values Removed Values Added
References
  • {'url': 'https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1866', 'source': 'talos-cna@cisco.com'}

17 Apr 2024, 14:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1866 -

17 Apr 2024, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-17 13:15

Updated : 2024-11-21 08:27

NVD link : CVE-2023-45744

Mitre link : CVE-2023-45744

CVE.ORG link : CVE-2023-45744

JSON object : View

Products Affected

No product.

CWE
CWE-284

Improper Access Control


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024