Command injection

2023-12-2508:15:00

PRIOn knowledge base

www.prio-n.com

peplink balance two

command injection

traceroute

administration console

admin privileges

arbitrary commands

root

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.1%

JSON

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

CPENameOperatorVersion
balance_two_firmwarelt8.4.0

CPE	Name	Operator	Version
	balance_two_firmware	lt	8.4.0

References

www.synacktiv.com/publications%253Ffield_tags_target_id%253D4

www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf