Balance Two
Vulnerabilities
5
Known exploited
0
Max CVSS
8.8
Top EPSS
0.03423
Severity breakdown
Critical
0
High
3
Medium
2
Low
0
Also matched as (raw): balance_two_firmware
Top vulnerabilities
CVE-2023-49230An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.
CVE-2020-24246Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
CVE-2023-49226An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of the administration console allows users with admin privileges to execute arbitrary commands as root.
CVE-2023-49228An issue was discovered in Peplink Balance Two before 8.4.0. Console port authentication uses hard-coded credentials, which allows an attacker with physical access and sufficient knowledge to execute arbitrary commands as root.
CVE-2023-49229An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in the administration web service allows read-only, unprivileged users to obtain sensitive information about the device configuration.