Information Disclosure Vulnerability in Peplink Smart Reader v1.2.0
CVE-2023-43491

5.3MEDIUM

Key Information:

Vendor: Peplink
Status: Smart Reader
Vendor: CVE Published:; 17 April 2024

What is CVE-2023-43491?

The Peplink Smart Reader presents a vulnerability in its web interface specifically within the /cgi-bin/debug_dump.cgi functionality. This flaw permits an attacker to exploit the system via a specially crafted HTTP request, resulting in the unintended disclosure of sensitive information. The vulnerability can be triggered without authentication, making it crucial for users of the affected product to apply necessary security measures and updates promptly to protect against potential information leaks.

Affected Version(s)

Smart Reader v1.2.0 (in QEMU)

References

https://talosintelligence.com/vulnerability_reports/TALOS...

https://forum.peplink.com/t/peplink-security-advisory-sma...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Nov 22, 2023

Credit

Discovered by Matt Wiseman of Cisco Talos.

CVE-2023-43491 Data

JSON