Vulnerabilities > Peplink > Surf Soho Firmware > 6.3.5

DATE CVE VULNERABILITY TITLE RISK
2023-10-11 CVE-2023-27380 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-28381 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-34354 Cross-site Scripting vulnerability in Peplink Surf Soho Firmware 6.3.5
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-79
5.4
5.4
2023-10-11 CVE-2023-34356 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-35193 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-35194 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8