PT-2023-9103 · Peplink · Peplink Smart Reader

Matt Wiseman · Published 2023-11-30 · Updated 2025-08-21 · CVE-2023-45744

CVSS v2.0: 9.7 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Peplink Smart Reader version 1.2.0

Description

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality. A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this issue. The vulnerability is related to inadequate access control, allowing a remote attacker to modify the configuration by sending a specially crafted HTTP request.

Recommendations

For Peplink Smart Reader version 1.2.0, consider disabling the /cgi-bin/upload_config.cgi functionality until a patch is available to prevent configuration modification. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the vulnerable functionality in the web interface until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2024-03718
CVE-2023-45744

Affected Products

Peplink Smart Reader