Known Vulnerabilities for Surf Soho by Peplink

Listed below are 7 of the newest known vulnerabilities associated with "Surf Soho" by "Peplink".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

More device details and information can be found at device.report here: Peplink Surf Soho

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-35194 json An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-35193 json An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-34356 json An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU)... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-34354 json A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.... 5.4 - MEDIUM 2023-10-11 2023-10-17
CVE-2023-28381 json An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-27380 json An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEM... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2020-24246 json Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/conn... 7.5 - HIGH 2020-10-07 2020-10-23

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
HardwarePeplinkSurf Sohohw2
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report