peplink balance_two_firmware CVE Vulnerabilities (5)

CVEs: 5 CPE versions: View versions table

Summary

This page lists publicly disclosed CVE vulnerabilities affecting peplink balance_two_firmware (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

Showing 15 of 5 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2023-49230 An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication. [email protected] 8.8 2.05% 2023-12-27 2026-06-17
CVE-2023-49229 An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration. [email protected] 4.3 0.49% 2023-12-27 2026-06-17
CVE-2023-49228 An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root. [email protected] 6.4 0.47% 2023-12-27 2026-06-17
CVE-2023-49226 An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root. [email protected] 7.2 3.42% 2023-12-25 2026-06-17
CVE-2020-24246 Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. [email protected] 7.5 1.27% 2020-10-07 2026-06-16
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence