Skip to main content

Surf Soho Firmware

7 CVEs product

Monthly

CVE-2023-35194 HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2023-35193 HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.6%
CVE-2023-34356 HIGH POC This Week

An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.5%
CVE-2023-34354 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Surf Soho Firmware
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-28381 HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2023-27380 HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2020-24246 HIGH POC This Week

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Balance 20X Firmware Balance 310X Firmware Mbx Firmware +52
NVD
CVSS 3.1
7.5
EPSS
1.3%
EPSS 6% CVSS 8.8
HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Surf Soho Firmware
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
EPSS 6% CVSS 8.8
HIGH POC This Week

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Surf Soho Firmware
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Balance 20X Firmware +54
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy