Vulnerability CVE-2023-45209
Published: 2024-04-17

Description:
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Type:

CWE-284

 (Improper Access Control)

 References:
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1865
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256
Copyright 2024, cxsecurity.com

 

Back to Top