CVE-2023-49226

2023-12-2500:00:00

mitre

www.cve.org

peplink balance two

command injection

administration console

admin privileges

arbitrary commands

root

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.1%

JSON

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

References

www.synacktiv.com/publications%253Ffield_tags_target_id%253D4

www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf