An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HPeplink Balance Two
HWPeplinkwszystkie wersjePeplink Balance Two Firmware
OSPeplink< 8.4.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2023-49230HIGH8.8ten sam produkt
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals ...
CVE-2020-24246HIGH7.5ten sam produkt
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filem...
CVE-2023-49228MEDIUM6.4ten sam produkt
An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded crede...
CVE-2023-49229MEDIUM4.3ten sam produkt
An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administrati...
CVE-2023-39367CRITICAL9.1PL ✓ten sam vendor
OS command injection w interfejsie web Peplink Smart Reader (mac2name)