Lucene search

[email protected]NVD:CVE-2023-49229

HistoryDec 28, 2023 - 4:15 a.m.

CVE-2023-49229

2023-12-2804:15:08

CWE-862

[email protected]

web.nvd.nist.gov

peplink balance two

administration web service

missing authorization check

sensitive information

device configuration

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.

Affected configurations

NVD

Node

peplinkbalance_two_firmwareRange<8.4.0

AND

peplinkbalance_twoMatch-

References

www.synacktiv.com/publications%253Ffield_tags_target_id%253D4

www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

0.0004 Low

EPSS

Percentile

14.2%

JSON

Related for NVD:CVE-2023-49229

cve1 prion1 cvelist1