Lucene search

[email protected]NVD:CVE-2023-49226

HistoryDec 25, 2023 - 8:15 a.m.

CVE-2023-49226

2023-12-2508:15:07

CWE-77

[email protected]

web.nvd.nist.gov

peplink balance two

admin privileges

command injection

traceroute feature

administration console

arbitrary commands

root

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.1%

JSON

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

Affected configurations

NVD

Node

peplinkbalance_two_firmwareRange<8.4.0

AND

peplinkbalance_twoMatch-

References

www.synacktiv.com/publications%253Ffield_tags_target_id%253D4

www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

28.1%

JSON

Related for NVD:CVE-2023-49226

cve1 prion1 cvelist1