cbcvebase.

Peplink Balance Two Firmware vulnerabilities

5 known vulnerabilities affecting peplink/balance_two_firmware.

Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-49230P2HIGHCVSS 8.8PoCfixed in 8.4.02023-12-28
CVE-2023-49230 [HIGH] CWE-862 CVE-2023-49230: An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captiv An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
nvd
CVE-2023-49226P3HIGHCVSS 7.2fixed in 8.4.02023-12-25
CVE-2023-49226 [HIGH] CWE-77 CVE-2023-49226: An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute fea An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
nvd
CVE-2020-24246P3HIGHCVSS 7.5≤ 8.1.02020-10-07
CVE-2020-24246 [HIGH] CVE-2020-24246: Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration fil Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
nvd
CVE-2023-49228P4MEDIUMCVSS 6.4fixed in 8.4.02023-12-28
CVE-2023-49228 [MEDIUM] CWE-798 CVE-2023-49228: An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-c An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
nvd
CVE-2023-49229P4MEDIUMCVSS 4.3fixed in 8.4.02023-12-28
CVE-2023-49229 [MEDIUM] CWE-862 CVE-2023-49229: An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the ad An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
nvd