Data Integrity Vulnerability in Peplink Smart Reader v1.2.0
CVE-2023-45744

8.3 HIGH

Key Information:

Vendor: Peplink
CVE Published: 17 April 2024

What is CVE-2023-45744?

A data integrity vulnerability exists in the web interface of Peplink Smart Reader version 1.2.0, specifically in the /cgi-bin/upload_config.cgi functionality. An attacker can send a specially crafted HTTP request to modify the device configuration without authentication. This poses a significant risk to the device's operational integrity: an attacker who can alter the configuration may be able to gain unauthorized access to and control of the device.

Affected Version(s)

Smart Reader v1.2.0 (in QEMU)

CVSS V3.1

Score: 8.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Matt Wiseman of Cisco Talos.