exploitDog

GHSA-r4rf-j49f-c6q2

Опубликовано: 17 апр. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.1

Описание

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Ссылки

EPSS

Процентиль: 88%

0.03851

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-78

Связанные уязвимости

CVE-2023-39367

CVSS3: 9.1

nvd

почти 2 года назад

An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

BDU:2024-03302

CVSS3: 9.1

fstec

около 2 лет назад

Уязвимость функции mac2name веб-интерфейса системы учёта рабочего времени и обеспечения пропускного режима Peplink Smart Reader, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 88%

0.03851

Низкий

9.1 Critical

CVSS3

CVE ID

Дефекты

CWE-78