Peplink Surf Soho Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Peplink Surf Soho Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2020-24246 — CVSS 7.5 (high): Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php)…
CVE-2023-35194 — CVSS 7.2 (high): An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A…
CVE-2023-27380 — CVSS 7.2 (high): An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A…
CVE-2023-28381 — CVSS 7.2 (high): An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A…
CVE-2023-34356 — CVSS 7.2 (high): An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially…
CVE-2023-35193 — CVSS 7.2 (high): An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A…
CVE-2023-34354 — CVSS 3.4 (low): A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A…