CVE-2023-45744 HIGH

CVE-2023-45744

Vendor Peplink

Product Smart Reader

Weakness CWE-284

Published April 17, 2024

Last update November 4, 2025

View on NVD All CVEs

CVSS base score

8.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H

What the vulnerability does

01Description

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to configuration modification. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

Key dates

02Disclosure timeline

April 17, 2024 CVE published

November 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-45744 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2021-24688 Orange Form <= 1.0.1 - Unauthenticated Arbitrary Post Deletion CVE-2021-35528 Authentication Bypass Vulnerability Vulnerability in Retail Operations Product and Counterparty Settlement and Billing (CSB) CVE-2023-41772 Win32k Elevation of Privilege Vulnerability CVE-2024-20343 Cisco IOS XR Software CLI Arbitrary File Read Vulnerability CVE-2023-0998 SourceCodester Alphaware Simple E-Commerce System Payment summary.php access control