Описание
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
Ссылки
- Vendor Advisory
- ExploitThird Party Advisory
- Vendor Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:peplink:smart_reader_firmware:1.2.0:*:*:*:*:*:*:*
cpe:2.3:h:peplink:smart_reader:-:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00496
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 5.3
github
почти 2 года назад
An information disclosure vulnerability exists in the web interface /cgi-bin/download_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
EPSS
Процентиль: 65%
0.00496
Низкий
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo