Refine your search
10 vulnerabilities found for Surf SOHO HW1 by Peplink
CVE-2023-35194 (GCVE-0-2023-35194)
Vulnerability from nvd
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:56.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:02:40.414390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:03:07.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:09.136Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35194",
"datePublished": "2023-10-11T15:16:55.771Z",
"dateReserved": "2023-06-14T20:41:25.821Z",
"dateUpdated": "2025-11-04T19:16:56.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-35193 (GCVE-0-2023-35193)
Vulnerability from nvd
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:55.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35193",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:00:23.861432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:02:03.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:09.009Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35193",
"datePublished": "2023-10-11T15:16:55.642Z",
"dateReserved": "2023-06-14T20:41:25.820Z",
"dateUpdated": "2025-11-04T19:16:55.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34356 (GCVE-0-2023-34356)
Vulnerability from nvd
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:45.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1778"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:peplink:surf_soho:hw1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho",
"vendor": "peplink",
"versions": [
{
"lessThanOrEqual": "v6.35",
"status": "affected",
"version": "hw1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:45:44.398881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:47:25.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:08.369Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34356",
"datePublished": "2023-10-11T15:16:57.837Z",
"dateReserved": "2023-06-14T20:04:18.559Z",
"dateUpdated": "2025-11-04T19:16:45.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34354 (GCVE-0-2023-34354)
Vulnerability from nvd
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:44.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1781"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34354",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:03:26.544689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:05:03.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user\u0027s browser. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:10.090Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34354",
"datePublished": "2023-10-11T15:16:56.439Z",
"dateReserved": "2023-06-14T20:33:45.712Z",
"dateUpdated": "2025-11-04T19:16:44.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28381 (GCVE-0-2023-28381)
Vulnerability from nvd
Published
2023-10-11 15:16
Modified
2025-11-04 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:15:50.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1779"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28381",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:06:28.272014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:06:58.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:08.675Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-28381",
"datePublished": "2023-10-11T15:16:57.415Z",
"dateReserved": "2023-06-14T20:05:43.486Z",
"dateUpdated": "2025-11-04T19:15:50.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34356 (GCVE-0-2023-34356)
Vulnerability from cvelistv5
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:45.332Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1778"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:h:peplink:surf_soho:hw1:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho",
"vendor": "peplink",
"versions": [
{
"lessThanOrEqual": "v6.35",
"status": "affected",
"version": "hw1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34356",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:45:44.398881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:47:25.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:08.369Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1778"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34356",
"datePublished": "2023-10-11T15:16:57.837Z",
"dateReserved": "2023-06-14T20:04:18.559Z",
"dateUpdated": "2025-11-04T19:16:45.332Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28381 (GCVE-0-2023-28381)
Vulnerability from cvelistv5
Published
2023-10-11 15:16
Modified
2025-11-04 19:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:15:50.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1779"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-28381",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:06:28.272014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:06:58.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:08.675Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1779"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-28381",
"datePublished": "2023-10-11T15:16:57.415Z",
"dateReserved": "2023-06-14T20:05:43.486Z",
"dateUpdated": "2025-11-04T19:15:50.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-34354 (GCVE-0-2023-34354)
Vulnerability from cvelistv5
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Summary
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user's browser. An attacker can make an authenticated HTTP request to trigger this vulnerability.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:44.234Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1781"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-34354",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:03:26.544689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:05:03.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to execution of arbitrary javascript in another user\u0027s browser. An attacker can make an authenticated HTTP request to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-80",
"description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:10.090Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1781"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-34354",
"datePublished": "2023-10-11T15:16:56.439Z",
"dateReserved": "2023-06-14T20:33:45.712Z",
"dateUpdated": "2025-11-04T19:16:44.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-35194 (GCVE-0-2023-35194)
Vulnerability from cvelistv5
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:56.262Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35194",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:02:40.414390Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:03:07.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset `0x4bde44`."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:09.136Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35194",
"datePublished": "2023-10-11T15:16:55.771Z",
"dateReserved": "2023-06-14T20:41:25.821Z",
"dateUpdated": "2025-11-04T19:16:56.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-35193 (GCVE-0-2023-35193)
Vulnerability from cvelistv5
Published
2023-10-11 15:16
Modified
2025-11-04 19:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Peplink | Surf SOHO HW1 |
Version: v6.3.5 (in QEMU) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:16:55.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"tags": [
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:peplink:surf_soho_firmware:6.3.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "surf_soho_firmware",
"vendor": "peplink",
"versions": [
{
"status": "affected",
"version": "6.3.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35193",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T14:00:23.861432Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T14:02:03.524Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Surf SOHO HW1",
"vendor": "Peplink",
"versions": [
{
"status": "affected",
"version": "v6.3.5 (in QEMU)"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Discovered by Matt Wiseman of Cisco Talos."
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.This vulnerability is specifically for the `system` call in the file `/web/MANGA/cgi-bin/api.cgi` for firmware version 6.3.5 at offset 0x4bddb8."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-11T17:00:09.009Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1782"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2023-35193",
"datePublished": "2023-10-11T15:16:55.642Z",
"dateReserved": "2023-06-14T20:41:25.820Z",
"dateUpdated": "2025-11-04T19:16:55.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}