CVE-2023-45209

Name of the Vulnerable Software and Affected Versions Peplink Smart Reader version 1.2.0

Description An information disclosure vulnerability exists in the web interface functionality of the /cgi-bin/download config.cgi endpoint. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Recommendations For Peplink Smart Reader version 1.2.0, consider restricting access to the /cgi-bin/download config.cgi endpoint until a patch is available. As a temporary workaround, avoid using this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.