Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-35194 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | N/A | 7.2 HIGH |
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`. | |||||
CVE-2023-35193 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | N/A | 7.2 HIGH |
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8. | |||||
CVE-2023-34356 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | N/A | 7.2 HIGH |
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-34354 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | N/A | 3.4 LOW |
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-28381 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | N/A | 7.2 HIGH |
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2023-27380 | 1 Peplink | 2 Surf Soho, Surf Soho Firmware | 2024-11-21 | N/A | 7.2 HIGH |
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. |