HIGH🇵🇱 Wersja polska

CVE-2023-49226

CVSS 7.2v3.1pub. 2023-12-25upd. 2024-11-21

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Peplink Balance Two

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance Two Firmware

    OS
    Peplink
    < 8.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-49230HIGH8.8ten sam produkt

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals ...

CVE-2020-24246HIGH7.5ten sam produkt

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filem...

CVE-2023-49228MEDIUM6.4ten sam produkt

An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded crede...

CVE-2023-49229MEDIUM4.3ten sam produkt

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administrati...

CVE-2023-39367CRITICAL9.1PL ✓ten sam vendor

OS command injection w interfejsie web Peplink Smart Reader (mac2name)