Search criteria
15 vulnerabilities found for balance_two_firmware by peplink
FKIE_CVE-2023-49230
Vulnerability from fkie_nvd - Published: 2023-12-28 04:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| cve@mitre.org | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| peplink | balance_two_firmware | * | |
| peplink | balance_two | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840",
"versionEndExcluding": "8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals\u0027 configurations without prior authentication."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. Una verificaci\u00f3n de autorizaci\u00f3n faltante en portales cautivos permite a los atacantes modificar las configuraciones de los portales sin autenticaci\u00f3n previa."
}
],
"id": "CVE-2023-49230",
"lastModified": "2024-11-21T08:33:04.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-28T04:15:08.150",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49229
Vulnerability from fkie_nvd - Published: 2023-12-28 04:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| cve@mitre.org | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| peplink | balance_two_firmware | * | |
| peplink | balance_two | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840",
"versionEndExcluding": "8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. Una verificaci\u00f3n de autorizaci\u00f3n faltante en el servicio web de administraci\u00f3n permite a los usuarios sin privilegios y de solo lectura obtener informaci\u00f3n confidencial sobre la configuraci\u00f3n del dispositivo."
}
],
"id": "CVE-2023-49229",
"lastModified": "2024-11-21T08:33:04.143",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-28T04:15:08.100",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49228
Vulnerability from fkie_nvd - Published: 2023-12-28 04:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| cve@mitre.org | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| peplink | balance_two_firmware | * | |
| peplink | balance_two | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840",
"versionEndExcluding": "8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. La autenticaci\u00f3n del puerto de consola utiliza credenciales codificadas, lo que permite a un atacante con acceso f\u00edsico y conocimiento suficiente ejecutar comandos arbitrarios como root."
}
],
"id": "CVE-2023-49228",
"lastModified": "2024-11-21T08:33:03.993",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-28T04:15:08.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-49226
Vulnerability from fkie_nvd - Published: 2023-12-25 08:15 - Updated: 2024-11-21 08:33
Severity ?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| cve@mitre.org | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| peplink | balance_two_firmware | * | |
| peplink | balance_two | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B5E9A13-C60F-4F0D-ACAD-12A9E4130840",
"versionEndExcluding": "8.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Peplink Balance Two antes de 8.4.0. La inyecci\u00f3n de comandos en la funci\u00f3n traceroute de la consola de administraci\u00f3n permite a los usuarios con privilegios de administrador ejecutar comandos arbitrarios como root."
}
],
"id": "CVE-2023-49226",
"lastModified": "2024-11-21T08:33:03.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-25T08:15:07.760",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-77"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-24246
Vulnerability from fkie_nvd - Published: 2020-10-07 16:15 - Updated: 2024-11-21 05:14
Severity ?
Summary
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/ | Exploit, Third Party Advisory | |
| cve@mitre.org | https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf | Release Notes, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_20x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9FF1C8-C6F4-4C7F-8558-BFA77BAC1566",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_20x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "31ED2710-380A-4985-B2DA-3BA1552382CD",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_310x_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8EA548F5-8E47-4C4C-80B7-2B6BBE831682",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_310x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1C2C614-5FB4-4805-8802-F45898EEDF1A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:mbx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AF0FD2EA-0CF6-49EC-B01E-8A7C3BB73F9A",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:mbx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3730248-3DA8-4371-91D4-2445917E014C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:epx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9BD63B7F-636D-4CB8-B7ED-34B00EB2C8CE",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:epx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "120EBBD2-1CC0-4D3B-B1DE-444E7FB307D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:sdx_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEB167E8-61AC-48E3-BA76-7F7B6CBC90F3",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:sdx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB0A56F4-9421-4DE1-B7AD-9462F5E31907",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_30_lte_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7C2924-C7D8-4609-A2F6-DF130EF239CA",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_30_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB79658-59B6-4FDA-BCD8-3C06A642F4EE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_20_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A4CB02-91F0-4968-A597-7CFDBAC8161E",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E97ECFF-83CE-4671-867E-D036C29C3F63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_30_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF31535-9D71-41EC-A432-8DDA08383172",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "88D5A8A9-2387-4C30-B064-19CB2281822C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_30_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "47E2EE81-B6A5-48E9-8C8A-98186187D46C",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_30_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC56A95A-1203-42F1-8994-4B6F333B1443",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4CE3AC-0FB9-4DEF-8C6B-76EFBD41D5FF",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C725DE2D-1E47-4F41-BE63-51413EB9A8D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_50_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C4CE3AC-0FB9-4DEF-8C6B-76EFBD41D5FF",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C725DE2D-1E47-4F41-BE63-51413EB9A8D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_one_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1AE604A-C1B0-4EBC-A3DB-994D1FECA5B4",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_one:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3F33BB5-1CDB-4DE1-A245-A33A4A0B876B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBFC8E2-CD1A-42BC-BF44-7BD4FF80141E",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4555C651-8B0E-4A24-8361-3C9A4251A85B",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FF95E9-ED96-4057-947B-7F927793627D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4555C651-8B0E-4A24-8361-3C9A4251A85B",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "69FF95E9-ED96-4057-947B-7F927793627D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_310_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36905AED-A2B0-4485-A6CA-335E6DFBAFE1",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51ABE09D-F16A-4180-9C5C-02E825EF5F9E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_305_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "70C57D5E-B8A7-45BC-AADD-29C91D0A330E",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_305:hw2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B99871-6032-4067-90F1-5534AED66C08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_380_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4B3C834C-3881-4BA9-B472-C047296CE240",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_380:hw6:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA3555D-DCFA-4455-95C0-5C00AA4E369F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_580_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5F7C3CC-810E-4E39-A541-0799B29D2BE0",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_580:hw2-3:*:*:*:*:*:*:*",
"matchCriteriaId": "356B3A44-4F4D-4457-88F3-8D60E98CD492",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_710_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EA496D3B-134A-4E63-8A6E-BFD457D04F67",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_710:hw3:*:*:*:*:*:*:*",
"matchCriteriaId": "DE2D6EDB-3AC4-4242-84A5-BF33F6E616AF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_1350_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0409C04A-EE3B-4C71-8D3D-AF23F97DA369",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_1350:hw2:*:*:*:*:*:*:*",
"matchCriteriaId": "84E0C470-D29C-4D66-A9E4-BFDA87727758",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:balance_2500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D9CE04-6F1B-4A70-A2D0-E889B605FA13",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D5058786-C405-4524-BD0C-0F08CB20C580",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_mk2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2617DE3E-D8B7-47B4-B145-3BD9B1469ACE",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_mk2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4FCA49-4F07-417D-A80D-B3F6504C121A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_classic_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94C3C21B-A4AB-4C9D-9716-8E10634A1D8F",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_classic:hw2-3:*:*:*:*:*:*:*",
"matchCriteriaId": "34647945-EFAD-4CDB-BEDF-740857675828",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_slim_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "777D2EC4-82E2-410D-A589-59B87C2B820A",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_slim:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4C67293-4BDB-4936-AE09-1958F6EF9128",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_mini_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A8F84D7-58A8-4B07-91EC-56014DAA974E",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D9C66D-A37A-4B8B-8E36-68CBDB832683",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_m2m_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B57D2FFD-9DBD-4B54-8FEC-12F09239E9E1",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_m2m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED626396-FBB8-4611-B60D-EE662D8D23C8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_ent_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A397D23-4501-4ADB-A9B4-4DED0743B5E1",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_ent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06797426-E425-4CB5-9B07-8A361C17CF96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_pro_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20DD3DB4-8FC7-4F6B-AE6D-05EB5EC603D6",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFFFD3E-5BC3-4595-ACE5-A540CDEF7033",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1__ip67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7191D1E1-9BE6-449F-AAC8-1FF19E3BDB21",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1__ip67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD85671-31F4-4AE6-AC03-20FBB367A0A8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E828CAC-ABDA-4577-9632-A9243EDC80C3",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15A9B1A8-BC46-4563-9A81-9132FEAE06BE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br1_ip55_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F23641CB-88B3-42F7-A3CF-2710EE50D82F",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br1_ip55:hw2-4:*:*:*:*:*:*:*",
"matchCriteriaId": "F8BF261C-104E-42F1-8BA3-58C795A99659",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_br2_ip55_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4038F65A-18BA-47D3-9E84-F7F4C819BB09",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_br2_ip55:hw2-3:*:*:*:*:*:*:*",
"matchCriteriaId": "E777378F-B136-4E7C-B224-FD0A979C62D9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd2_ip67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C984C-9D3D-4B7A-A71C-63E91DAE4C45",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd2_ip67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4656C71-82EF-492E-970F-FBDD5878181F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd2_mini_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E385EC2E-810B-4CC6-8A0E-1939F84B27B8",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd2_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D4F4A79-DC24-4F4D-B880-DC5058CEB2E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8C4C531-A983-4D47-8B5D-AFA3BFC647CB",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F178E0-7513-4C77-A9D2-E77A81D121D3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd1_dome_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82257F6E-B375-4EFB-991B-C8E48A46B5C2",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd1_dome:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A260043-AE33-4D57-864B-FE26F8E3FDD6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd2_dome_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA4967C1-1B75-4FF0-8C4E-89132BDF0BB0",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd2_dome:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26F35AE8-A8D6-4DE3-872E-D2D5A490B241",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EBFE245F-2A40-4FBA-A10E-A1D0FB203AD7",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F65EAE1-7791-4B59-8A37-638F498DCB1E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hd4_ip67_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD51258-E260-43A2-90BD-9A8808A0214D",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hd4_ip67:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C92BBF93-D478-44D8-A518-63FF54A87457",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_transit_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02335BDF-76C9-4C35-8136-84F2DF10F021",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_transit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07F4D14E-F443-435D-8EBE-746DEC913F18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_transit_duo_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C529D8A6-7008-4FD8-935C-1C56623C6AC8",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_transit_duo:-:*:*:*:*:*:*:*",
"matchCriteriaId": "793363AA-5B1A-4678-9DCC-48466A98B6F6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_transit_mini_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B04A6FE-DB23-45AE-A280-921A27AD24C0",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_transit_mini:-:*:*:*:*:*:*:*",
"matchCriteriaId": "44C9BCF1-CC51-4038-B9C7-A00463B426C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_hotspot_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5731E381-DA84-4046-AF4D-4FB59C85EDD8",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_hotspot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A821CF64-D19E-4F8A-8652-EE3403DC9F08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_on-the-go_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13A4D71E-7119-415D-9B77-C1967DAD6B98",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_on-the-go:hw2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8970F7-D063-43CA-8A2E-FEF667B75431",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:max_700_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "745FC5C1-32D6-476B-8EDE-27EAA6623E3A",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:max_700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A836592-94DD-4CEB-A5FC-6742E45F0C38",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:ubr_lte_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77ECA737-B779-4997-AD6A-941E0BDA8E8D",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:ubr_lte:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB37C540-3176-4B6C-9D12-55FD82559C4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:surf_soho_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F471E9AC-1BA7-4F6A-BA64-F28B4688344B",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:surf_soho:hw2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF843B6A-DA62-4CD8-89F1-5A1AC2C5780D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:surf_soho_mk3_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4577AEB8-AD21-4B73-86C1-2A038C81D4A0",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:surf_soho_mk3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25FE9DD3-7262-4C85-A7EC-0D30545D7C4D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:mediafast_200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E391695C-A2B6-4FED-A5DE-4E859C80BD11",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:mediafast_200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7788912A-98D6-479E-9936-C5B4BD111850",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:mediafast_500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEB72E7E-5E61-48C3-BE28-4B0BD13D522A",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:mediafast_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F724D696-D8BF-4873-9F0A-E6846229D1F9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:mediafast_750_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "31DE35AB-DEF7-42F8-99BD-D81497A6372B",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:mediafast_750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4608AF2A-E42E-42EB-B94F-E920835B2C24",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:mediafast_hd2_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E05BE02-9B2E-4BF1-A91F-F21B36830B1B",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:mediafast_hd2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F168E727-7373-4C68-AD9E-4BE7F1FA62C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:mediafast_hd4_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05BC233E-40AE-4EEC-9DAD-7DDC6C3DDEE0",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:mediafast_hd4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB8963C-BEC0-4BA1-BC51-379E520D0C0A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:speedfusion_sfe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "93C01035-3353-4CAE-8061-18A4C4429C05",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:speedfusion_sfe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "763AE9F8-1D4F-440C-98A7-11F3CDC88AF2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:speedfusion_sfe_cam_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D845A3F-CCFC-4FFB-A142-31F98EC156EE",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:speedfusion_sfe_cam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B723CA-ACC0-4A7E-85E8-A7570FF1C127",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:peplink:fusionhub_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F300118-C305-4832-B9A1-0413DF23962B",
"versionEndIncluding": "8.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:peplink:fusionhub:-:*:*:*:*:*:*:*",
"matchCriteriaId": "880085F7-5E68-45A2-AD89-8C0649544183",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."
},
{
"lang": "es",
"value": "Peplink Balance versiones anteriores a 8.1.0rc1, permite a un atacante no autenticado descargar archivos de configuraci\u00f3n PHP (archivo /filemanager/php/connector.php) desde Web Admin"
}
],
"id": "CVE-2020-24246",
"lastModified": "2024-11-21T05:14:32.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-10-07T16:15:16.640",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-49228 (GCVE-0-2023-49228)
Vulnerability from cvelistv5 – Published: 2023-12-28 00:00 – Updated: 2024-11-26 14:49
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T19:35:00.484067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:49:47.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T03:15:53.754490",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49228",
"datePublished": "2023-12-28T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-11-26T14:49:47.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49230 (GCVE-0-2023-49230)
Vulnerability from cvelistv5 – Published: 2023-12-28 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals\u0027 configurations without prior authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T03:16:06.028392",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49230",
"datePublished": "2023-12-28T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49229 (GCVE-0-2023-49229)
Vulnerability from cvelistv5 – Published: 2023-12-28 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T03:16:02.699229",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49229",
"datePublished": "2023-12-28T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49226 (GCVE-0-2023-49226)
Vulnerability from cvelistv5 – Published: 2023-12-25 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T07:51:10.561570",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49226",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24246 (GCVE-0-2020-24246)
Vulnerability from cvelistv5 – Published: 2020-10-07 15:10 – Updated: 2024-08-04 15:12
VLAI?
Summary
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:10:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf",
"refsource": "MISC",
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"name": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/",
"refsource": "MISC",
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24246",
"datePublished": "2020-10-07T15:10:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49228 (GCVE-0-2023-49228)
Vulnerability from nvd – Published: 2023-12-28 00:00 – Updated: 2024-11-26 14:49
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49228",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T19:35:00.484067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:49:47.643Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T03:15:53.754490",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49228",
"datePublished": "2023-12-28T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-11-26T14:49:47.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49230 (GCVE-0-2023-49230)
Vulnerability from nvd – Published: 2023-12-28 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.631Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals\u0027 configurations without prior authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T03:16:06.028392",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49230",
"datePublished": "2023-12-28T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49229 (GCVE-0-2023-49229)
Vulnerability from nvd – Published: 2023-12-28 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:44.725Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T03:16:02.699229",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49229",
"datePublished": "2023-12-28T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-08-02T21:53:44.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49226 (GCVE-0-2023-49226)
Vulnerability from nvd – Published: 2023-12-25 00:00 – Updated: 2024-08-02 21:53
VLAI?
Summary
An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:53:45.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-25T07:51:10.561570",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4"
},
{
"url": "https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-49226",
"datePublished": "2023-12-25T00:00:00",
"dateReserved": "2023-11-24T00:00:00",
"dateUpdated": "2024-08-02T21:53:45.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-24246 (GCVE-0-2020-24246)
Vulnerability from nvd – Published: 2020-10-07 15:10 – Updated: 2024-08-04 15:12
VLAI?
Summary
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:12:08.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-07T15:10:19",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf",
"refsource": "MISC",
"url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"
},
{
"name": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/",
"refsource": "MISC",
"url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24246",
"datePublished": "2020-10-07T15:10:19",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T15:12:08.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}