Vulnerabilities (CVE)

Filtered by vendor Peplink Subscribe
Filtered by product Surf Soho
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-35194 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 N/A 7.2 HIGH
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.
CVE-2023-35193 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 N/A 7.2 HIGH
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.
CVE-2023-34356 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 N/A 7.2 HIGH
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-34354 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 N/A 3.4 LOW
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-28381 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 N/A 7.2 HIGH
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2023-27380 1 Peplink 2 Surf Soho, Surf Soho Firmware 2024-11-21 N/A 7.2 HIGH
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2020-24246 1 Peplink 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.