Security Advisory

CVE-2023-40146

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-04-17 12:55:47

Last updated 2025-11-04 18:16:38

Assigner talos

State PUBLISHED

Description

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocked default busybox functionality to trigger this vulnerability.

← Browse all CVEs View on cve.org ↗