MEDIUM✓ PATCH🇬🇧 English

CVE-2023-40146

CVSS 6.8v3.1pub. 2024-04-17upd. 2025-11-04

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.

oryginał EN
CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Peplink Smart Reader

    HW
    Peplink
    wszystkie wersje
  • Peplink Smart Reader Firmware

    OS
    Peplink
    1.2.0
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2023-39367CRITICAL9.1PL ✓ten sam produkt

OS command injection w interfejsie web Peplink Smart Reader (mac2name)

CVE-2023-45744HIGH8.3ten sam produkt

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

CVE-2023-43491MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of P...

CVE-2023-45209MEDIUM5.3ten sam produkt

An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality...

CVE-2017-8835CRITICAL9.8ten sam vendor

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...

CVE-2023-40146 — MEDIUM 6.8 | CVEbaza.pl