CVE-2023-43491

CVSS v2.0

9.7

High

Vector

AV:N/AC:L/Au:N/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions Peplink Smart Reader version 1.2.0

Description An information disclosure vulnerability exists in the web interface /cgi-bin/debug dump.cgi functionality. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this issue.

Recommendations For Peplink Smart Reader version 1.2.0, consider disabling access to the /cgi-bin/debug dump.cgi endpoint until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

Exploit

Fix

Improper Access Control

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-78

Related Identifiers

BDU:2024-03302

BDU:2024-03718

CVE-2023-43491

Affected Products

Peplink Smart Reader

CVE-2023-43491

Weakness Enumeration

Related Identifiers

Affected Products

References · 35