A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.
References
Configurations
No configuration.
History
17 Apr 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Apr 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-17 13:15
Updated : 2024-04-17 17:15
NVD link : CVE-2023-40146
Mitre link : CVE-2023-40146
CVE.ORG link : CVE-2023-40146
JSON object : View
Products Affected
No product.
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')