HIGH🇵🇱 Wersja polska

CVE-2020-24246

CVSS 7.5v3.1pub. 2020-10-07upd. 2024-11-21

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Peplink Balance 1350

    HW
    Peplink
    hw2
  • Peplink Balance 1350 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 20

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 20 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 20x

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 20x Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 210

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 210 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 2500

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 2500 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 30

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 305

    HW
    Peplink
    hw2
  • Peplink Balance 305 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 30 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 30 Lte

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 30 Lte Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 30 Pro

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 30 Pro Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 310

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 310 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 310x

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 310x Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 380

    HW
    Peplink
    hw6
  • Peplink Balance 380 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 50

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 50 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 580

    HW
    Peplink
    hw2-3
  • Peplink Balance 580 Firmware

    OS
    Peplink
    ≤ 8.1.0
  • Peplink Balance 710

    HW
    Peplink
    hw3
  • Peplink Balance 710 Firmware

    OS
    Peplink
    ≤ 8.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2017-8835CRITICAL9.8ten sam produkt

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...

CVE-2017-8837CRITICAL9.8ten sam produkt

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware ...

CVE-2023-49230HIGH8.8ten sam produkt

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals ...

CVE-2023-49226HIGH7.2ten sam produkt

An issue was discovered in Peplink Balance Two before 8.4.0. Command injection in the traceroute feature of th...

CVE-2023-27380HIGH7.2ten sam produkt

An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1...