Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-49229 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-04 | N/A | 4.3 MEDIUM |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. | |||||
| CVE-2023-49228 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-04 | N/A | 6.4 MEDIUM |
| An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. | |||||
| CVE-2023-49230 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-04 | N/A | 8.8 HIGH |
| An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. | |||||
| CVE-2023-49226 | 1 Peplink | 2 Balance Two, Balance Two Firmware | 2024-01-03 | N/A | 7.2 HIGH |
| An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. | |||||
| CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | |||||