CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

216 matches found

Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload

A vulnerability in Peplink Balance Two prior to version 8.4.0 allows unauthenticated attackers to modify captive portal configurations due to a missing authorization check. Specifically, attackers can upload files via /guest/portaladminupload.cgi, with the changes reflected at...

8.8CVSS7.3AI score0.0205EPSS

Exploits1References3

EUVD•added 2 days ago•5 views

EUVD-2026-39651

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS5.8AI score0.00213EPSS

Exploits0References2

NVD•added 2 days ago•4 views

CVE-2026-57920

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS0.00213EPSS

Exploits0References1

CVE•added 2 days ago•6 views

CVE-2026-57920

Peplink InControl 2 (affected versions 2 through 2.14.2, before 2026-06-03) is vulnerable to a access-control bypass via a semicolon in requests to certain /rest/o/{orgId} endpoints. The available documents confirm the vulnerability and affected product but do not provide exploitation steps or a ...

7.7CVSS5.8AI score0.00213EPSS

Exploits0References1

Cvelist•added 2 days ago•31 views

CVE-2026-57920

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/orgId endpoints...

7.7CVSS0.00213EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:36 p.m.•4 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication...

8.8CVSS6.8AI score0.0205EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:36 p.m.•8 views

CVE-2023-49229

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration...

4.3CVSS6.3AI score0.00488EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:36 p.m.•9 views

CVE-2023-49226

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root...

7.2CVSS8.1AI score0.03423EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:49 a.m.•6 views

CVE-2020-24246

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files /filemanager/php/connector.php from Web Admin...

7.5CVSS7.1AI score0.01266EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 9:24 a.m.•5 views

CVE-2023-40146

A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted command line argument can lead to a limited-shell escape and elevated capabilities. An attacker can authenticate with hard-coded credentials and execute unblocke...

9.8CVSS7.4AI score0.01435EPSS

Exploits1References1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2017-17783

Malware in sbrugna...

8.1CVSS8.5AI score0.03712EPSS

Exploits5References5

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2020-16981

Malware in sbrugna...

7.5CVSS7.5AI score0.01266EPSS

Exploits1References3