Lucene search

[email protected]CVE-2020-24246

HistoryOct 07, 2020 - 4:15 p.m.

CVE-2020-24246

2020-10-0716:15:16

[email protected]

web.nvd.nist.gov

cve-2020-24246

peplink balance

web security

php

unauthenticated access

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.

Affected configurations

NVD

Node

peplinkbalance_20xMatch-

AND

peplinkbalance_20x_firmwareRange≤8.1.0

Node

peplinkbalance_310xMatch-

AND

peplinkbalance_310x_firmwareRange≤8.1.0

Node

peplinkmbxMatch-

AND

peplinkmbx_firmwareRange≤8.1.0

Node

peplinkepxMatch-

AND

peplinkepx_firmwareRange≤8.1.0

Node

peplinksdxMatch-

AND

peplinksdx_firmwareRange≤8.1.0

Node

peplinkbalance_30_lteMatch-

AND

peplinkbalance_30_lte_firmwareRange≤8.1.0

Node

peplinkbalance_20Match-

AND

peplinkbalance_20_firmwareRange≤8.1.0

Node

peplinkbalance_30Match-

AND

peplinkbalance_30_firmwareRange≤8.1.0

Node

peplinkbalance_30_pro_firmwareRange≤8.1.0

AND

peplinkbalance_30_proMatch-

Node

peplinkbalance_50_firmwareRange≤8.1.0

AND

peplinkbalance_50Match-

Node

peplinkbalance_50_firmwareRange≤8.1.0

AND

peplinkbalance_50Match-

Node

peplinkbalance_one_firmwareRange≤8.1.0

AND

peplinkbalance_oneMatch-

Node

peplinkbalance_two_firmwareRange≤8.1.0

AND

peplinkbalance_twoMatch-

Node

peplinkbalance_210_firmwareRange≤8.1.0

AND

peplinkbalance_210Match-

Node

peplinkbalance_210_firmwareRange≤8.1.0

AND

peplinkbalance_210Match-

Node

peplinkbalance_310_firmwareRange≤8.1.0

AND

peplinkbalance_310Match-

Node

peplinkbalance_305_firmwareRange≤8.1.0

AND

peplinkbalance_305Matchhw2

Node

peplinkbalance_380_firmwareRange≤8.1.0

AND

peplinkbalance_380Matchhw6

Node

peplinkbalance_580_firmwareRange≤8.1.0

AND

peplinkbalance_580Matchhw2-3

Node

peplinkbalance_710_firmwareRange≤8.1.0

AND

peplinkbalance_710Matchhw3

Node

peplinkbalance_1350_firmwareRange≤8.1.0

AND

peplinkbalance_1350Matchhw2

Node

peplinkbalance_2500_firmwareRange≤8.1.0

AND

peplinkbalance_2500Match-

Node

peplinkmax_br1_mk2_firmwareRange≤8.1.0

AND

peplinkmax_br1_mk2Match-

Node

peplinkmax_br1_classic_firmwareRange≤8.1.0

AND

peplinkmax_br1_classicMatchhw2-3

Node

peplinkmax_br1_slim_firmwareRange≤8.1.0

AND

peplinkmax_br1_slimMatch-

Node

peplinkmax_br1_mini_firmwareRange≤8.1.0

AND

peplinkmax_br1_miniMatch-

Node

peplinkmax_br1_m2m_firmwareRange≤8.1.0

AND

peplinkmax_br1_m2mMatch-

Node

peplinkmax_br1_ent_firmwareRange≤8.1.0

AND

peplinkmax_br1_entMatch-

Node

peplinkmax_br1_pro_firmwareRange≤8.1.0

AND

peplinkmax_br1_proMatch-

Node

peplinkmax_br1__ip67_firmwareRange≤8.1.0

AND

peplinkmax_br1__ip67Match-

Node

peplinkmax_br2_firmwareRange≤8.1.0

AND

peplinkmax_br2Match-

Node

peplinkmax_br1_ip55_firmwareRange≤8.1.0

AND

peplinkmax_br1_ip55Matchhw2-4

Node

peplinkmax_br2_ip55_firmwareRange≤8.1.0

AND

peplinkmax_br2_ip55Matchhw2-3

Node

peplinkmax_hd2_ip67_firmwareRange≤8.1.0

AND

peplinkmax_hd2_ip67Match-

Node

peplinkmax_hd2_mini_firmwareRange≤8.1.0

AND

peplinkmax_hd2_miniMatch-

Node

peplinkmax_hd2_firmwareRange≤8.1.0

AND

peplinkmax_hd2Match-

Node

peplinkmax_hd1_dome_firmwareRange≤8.1.0

AND

peplinkmax_hd1_domeMatch-

Node

peplinkmax_hd2_dome_firmwareRange≤8.1.0

AND

peplinkmax_hd2_domeMatch-

Node

peplinkmax_hd4_firmwareRange≤8.1.0

AND

peplinkmax_hd4Match-

Node

peplinkmax_hd4_ip67_firmwareRange≤8.1.0

AND

peplinkmax_hd4_ip67Match-

Node

peplinkmax_transit_firmwareRange≤8.1.0

AND

peplinkmax_transitMatch-

Node

peplinkmax_transit_duo_firmwareRange≤8.1.0

AND

peplinkmax_transit_duoMatch-

Node

peplinkmax_transit_mini_firmwareRange≤8.1.0

AND

peplinkmax_transit_miniMatch-

Node

peplinkmax_hotspot_firmwareRange≤8.1.0

AND

peplinkmax_hotspotMatch-

Node

peplinkmax_on-the-go_firmwareRange≤8.1.0

AND

peplinkmax_on-the-goMatchhw2

Node

peplinkmax_700_firmwareRange≤8.1.0

AND

peplinkmax_700Match-

Node

peplinkubr_lte_firmwareRange≤8.1.0

AND

peplinkubr_lteMatch-

Node

peplinksurf_soho_firmwareRange≤8.1.0

AND

peplinksurf_sohoMatchhw2

Node

peplinksurf_soho_mk3_firmwareRange≤8.1.0

AND

peplinksurf_soho_mk3Match-

Node

peplinkmediafast_200_firmwareRange≤8.1.0

AND

peplinkmediafast_200Match-

Node

peplinkmediafast_500_firmwareRange≤8.1.0

AND

peplinkmediafast_500Match-

Node

peplinkmediafast_750_firmwareRange≤8.1.0

AND

peplinkmediafast_750Match-

Node

peplinkmediafast_hd2_firmwareRange≤8.1.0

AND

peplinkmediafast_hd2Match-

Node

peplinkmediafast_hd4_firmwareRange≤8.1.0

AND

peplinkmediafast_hd4Match-

Node

peplinkspeedfusion_sfe_firmwareRange≤8.1.0

AND

peplinkspeedfusion_sfeMatch-

Node

peplinkspeedfusion_sfe_cam_firmwareRange≤8.1.0

AND

peplinkspeedfusion_sfe_camMatch-

Node

peplinkfusionhub_firmwareRange≤8.1.0

AND

peplinkfusionhubMatch-

CPENameOperatorVersion
peplink:balance_20x_firmwarepeplink balance 20x firmwarele8.1.0

CPE	Name	Operator	Version
peplink:balance_20x_firmware	peplink balance 20x firmware	le	8.1.0

References

blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/

download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.8%

JSON

Related for CVE-2020-24246

nvd1 prion1 cvelist1