CVE-2023-43491 - Vulnerability Details - OpenCVE

An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Peplink	Smart Reader Smart Reader Firmware

Configuration 1 [-]

AND

cpe:2.3:o:peplink:smart_reader_firmware:1.2.0:*:*:*:*:*:*:*

cpe:2.3:h:peplink:smart_reader:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256
https://security.netapp.com/advisory/ntap-20240828-0005/
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863

History

Thu, 21 Aug 2025 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Peplink Peplink smart Reader Peplink smart Reader Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:peplink:smart_reader:-:::::::* cpe:2.3:o:peplink:smart_reader_firmware:1.2.0:::::::*
Vendors & Products		Peplink Peplink smart Reader Peplink smart Reader Firmware

Wed, 28 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240828-0005/

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2024-04-17T12:55:49.894Z

Updated: 2024-08-28T15:02:44.383Z

Reserved: 2023-11-22T15:39:30.258Z

Link: CVE-2023-43491

Vulnrichment

Updated: 2024-08-28T15:02:44.383Z

NVD

Status : Analyzed

Published: 2024-04-17T13:15:07.370

Modified: 2025-08-21T18:01:37.967

Link: CVE-2023-43491

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43491", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2023-11-22T15:39:30.258Z", "datePublished": "2024-04-17T12:55:49.894Z", "dateUpdated": "2024-08-28T15:02:44.383Z"}, "containers": {"cna": {"affected": [{"vendor": "Peplink", "product": "Smart Reader", "versions": [{"version": "v1.2.0 (in QEMU)", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE", "cweId": "CWE-284"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-17T17:00:07.280Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863"}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}], "credits": [{"lang": "en", "value": "Discovered by Matt Wiseman of Cisco Talos."}]}, "adp": [{"affected": [{"vendor": "peplink", "product": "smart_reader", "cpes": ["cpe:2.3:a:peplink:smart_reader:v1.2.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "v1.2.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T16:14:15.245093Z", "id": "CVE-2023-43491", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T16:19:27.931Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863", "tags": ["x_transferred"]}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0005/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:44.383Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863", "tags": ["x_transferred"]}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240828-0005/"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-28T15:02:44.383Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-43491", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-12T16:14:15.245093Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:peplink:smart_reader:v1.2.0:*:*:*:*:*:*:*"], "vendor": "peplink", "product": "smart_reader", "versions": [{"status": "affected", "version": "v1.2.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T16:19:24.560Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by Matt Wiseman of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Peplink", "product": "Smart Reader", "versions": [{"status": "affected", "version": "v1.2.0 (in QEMU)"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863"}, {"url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256", "name": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2024-04-17T17:00:07.280Z"}}}, "cveMetadata": {"cveId": "CVE-2023-43491", "state": "PUBLISHED", "dateUpdated": "2024-08-28T15:02:44.383Z", "dateReserved": "2023-11-22T15:39:30.258Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2024-04-17T12:55:49.894Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:smart_reader_firmware:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EC88FE9B-A7C2-4EAD-9830-65E07911BE83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:smart_reader:-:*:*:*:*:*:*:*", "matchCriteriaId": "07C8582C-3B8B-453C-A7AD-7567F905377D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An information disclosure vulnerability exists in the web interface /cgi-bin/debug_dump.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad de la interfaz web /cgi-bin/debug_dump.cgi de Peplink Smart Reader v1.2.0 (en QEMU). Una solicitud HTTP especialmente manipulada puede dar lugar a la divulgaci\u00f3n de informaci\u00f3n confidencial. Un atacante puede realizar una solicitud HTTP no autenticada para desencadenar esta vulnerabilidad."}], "id": "CVE-2023-43491", "lastModified": "2025-08-21T18:01:37.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-17T13:15:07.370", "references": [{"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://forum.peplink.com/t/peplink-security-advisory-smart-reader-firmware-1-2-0-cve-2023-43491-cve-2023-45209-cve-2023-39367-cve-2023-45744-cve-2023-40146/47256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20240828-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1863"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}