Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU). A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Peplink Surf SOHO HW1 操作系统命令注入漏洞
Vulnerability Description
Peplink Surf SOHO HW1是Peplink公司的一款小型路由器。 Peplink Surf SOHO HW1 v6.3.5版本存在操作系统命令注入漏洞,该漏洞源于data.cgi xfer_dns功能存在操作系统命令注入漏洞。攻击者可利用该漏洞通过特制的HTTP请求执行命令。
CVSS Information
N/A
Vulnerability Type
N/A