Vulnerabilities (CVE)

Filtered by vendor Peplink Subscribe
Filtered by product Balance Two
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-49230 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 N/A 8.8 HIGH
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
CVE-2023-49229 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 N/A 4.3 MEDIUM
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
CVE-2023-49228 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 N/A 6.4 MEDIUM
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
CVE-2023-49226 1 Peplink 2 Balance Two, Balance Two Firmware 2024-11-21 N/A 7.2 HIGH
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
CVE-2020-24246 1 Peplink 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.