CVE-2023-40146

Name of the Vulnerable Software and Affected Versions Peplink Smart Reader version 1.2.0

Description A privilege escalation issue exists in the /bin/login functionality. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this issue.

Recommendations For Peplink Smart Reader version 1.2.0, consider disabling the /bin/login functionality until a patch is available. Restrict access to the default busybox functionality to minimize the risk of exploitation. Avoid using hard-coded credentials for authentication until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.