27 matches found
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
CVE-2023-49226
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...
CVE-2023-49228
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49228
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49229
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration...
CVE-2023-49228
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
CVE-2023-49228
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49229
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration...
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
Authorization
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
Hardcoded credentials
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49228
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49230
CVE-2023-49230 affects Peplink Balance Two prior to 8.4.0. A missing authorization check in the captive portals allows unauthenticated actors to modify portal configurations. The Nuclei template details unauthenticated file uploads via /guest/portal_admin_upload.cgi, with resulting changes visibl...
CVE-2023-49229
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration...
CVE-2023-49229
Peplink Balance Two before 8.4.0 is affected. The issue is a missing authorization check in the administration web service, allowing read-only, unprivileged users to access sensitive device configuration information. Root cause: absent access control in the admin web service. Impact is informatio...
CVE-2023-49230
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...
CVE-2023-49228
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root...
CVE-2023-49228
Peplink Balance Two before 8.4.0 is affected. The vulnerability is in the console port authentication which uses hard-coded credentials, enabling a physically proximate attacker to execute arbitrary commands as root. Remediation: upgrade to version 8.4.0 or later; as a workaround, restrict physic...