Vulnerabilities > Peplink > Surf Soho Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-11 | CVE-2023-34354 | Cross-site Scripting vulnerability in Peplink Surf Soho Firmware 6.3.5 A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). | 5.4 |
| 2020-10-07 | CVE-2020-24246 | Unspecified vulnerability in Peplink products Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | 5.0 |