CVE-2023-39367

Name of the Vulnerable Software and Affected Versions Peplink Smart Reader version 1.2.0

Description A command injection vulnerability exists in the web interface's mac2name functionality. This issue arises due to the lack of measures to neutralize special elements used in operating system commands. Exploitation of this vulnerability can allow a remote attacker to execute arbitrary code by sending a specially crafted HTTP request. An attacker can trigger this vulnerability by making an authenticated HTTP request.

Recommendations For Peplink Smart Reader version 1.2.0, consider disabling the mac2name functionality in the web interface until a patch is available to prevent arbitrary command execution. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the vulnerable functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.