漏洞描述
迅博peplink安全网关 在8.4.0版本之前存在一个漏洞,由于缺少授权检查,未认证的攻击者可修改 captive portal配置。具体来说,攻击者可通过/guest/portal_admin_upload.cgi上传文件,所做更改会在/guest/preview.cgi?portal_id=1中体现。
迅博peplink安全网关8.4.0版本之前未认证配置上传(CVE-2023-49230)
PoC代码
暂无相关漏洞推荐
- POC CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
- POC CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC CVE-2021-23394: elFinder < 2.1.58 - Remote Code Execution
- POC CVE-2022-0879: Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting
- POC CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
- POC CVE-2023-45038: QNAP Music Station < 5.4.0 - Authentication Bypass
- POC CVE-2024-28253: OpenMetaData - SpEL Injection in PUT /api/v1/policies
- POC CVE-2025-11307: WP Google Maps < 9.0.48 - Cross-Site Scripting
- POC CVE-2025-55182: React Server Components - Remote Code Execution
- 用友BIP LoginWithV8 登录绕过漏洞
- 用友U8 CRM /lead/leadconversion.php SQL 注入漏洞
- Astro Web Framework Cloudflare /_image 服务器端请求伪造漏洞(CVE-2025-58179)