Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
PeplinkBalance Two Firmware

5 matches found

CVE
CVEadded 2023/12/28 4:15 a.m.37 views

CVE-2023-49230

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.

8.8CVSS8.4AI score0.26457EPSS
CVE
CVEadded 2023/12/25 8:15 a.m.36 views

CVE-2023-49226

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

7.2CVSS7.5AI score0.01478EPSS
CVE
CVEadded 2023/12/28 4:15 a.m.36 views

CVE-2023-49229

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.

4.3CVSS4.3AI score0.00062EPSS
CVE
CVEadded 2020/10/07 4:15 p.m.35 views

CVE-2020-24246

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.

7.5CVSS7.6AI score0.00518EPSS
CVE
CVEadded 2023/12/28 4:15 a.m.29 views

CVE-2023-49228

An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.

6.4CVSS6.8AI score0.00074EPSS