Peplink

Balance Two Firmware

5 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.4

CVE-2023-49228

Exploit
  • EPSS 0.07%
  • Veröffentlicht 28.12.2023 04:15:08
  • Zuletzt bearbeitet 21.11.2024 08:33:03

An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.

4.3

CVE-2023-49229

Exploit
  • EPSS 0.06%
  • Veröffentlicht 28.12.2023 04:15:08
  • Zuletzt bearbeitet 21.11.2024 08:33:04

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.

8.8

CVE-2023-49230

Exploit
  • EPSS 31.49%
  • Veröffentlicht 28.12.2023 04:15:08
  • Zuletzt bearbeitet 21.11.2024 08:33:04

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.

7.2

CVE-2023-49226

Exploit
  • EPSS 1.48%
  • Veröffentlicht 25.12.2023 08:15:07
  • Zuletzt bearbeitet 21.11.2024 08:33:03

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

7.5

CVE-2020-24246

Exploit
  • EPSS 0.52%
  • Veröffentlicht 07.10.2020 16:15:16
  • Zuletzt bearbeitet 21.11.2024 05:14:32

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.