Vulnerabilities > Peplink > Surf Soho Firmware
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-11 | CVE-2023-27380 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-28381 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-34354 | Cross-site Scripting vulnerability in Peplink Surf Soho Firmware 6.3.5 A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 5.4 |
2023-10-11 | CVE-2023-34356 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-35193 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2023-10-11 | CVE-2023-35194 | OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5 An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 8.8 |
2020-10-07 | CVE-2020-24246 | Unspecified vulnerability in Peplink products Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | 5.0 |