CVE-2023-28381

Severity CVSS v4.0: Pending analysis
Type: CWE-78 OS Command Injections
Publication date: 11/10/2023
Last modified: 18/10/2023

Description

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:* | |
cpe:2.3:h:peplink:surf_soho:hw1:*:*:*:*:*:*:* | |


References to Advisories, Solutions, and Tools