HIGH🇵🇱 Wersja polska

CVE-2026-57920

CVSS 7.7v3.1pub. 2026-06-26upd. 2026-07-02

Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Peplink Intcontrol 2

    APP
    Peplink
    ≤ 2.14.2
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-39367CRITICAL9.1PL ✓ten sam vendor

OS command injection w interfejsie web Peplink Smart Reader (mac2name)

CVE-2017-8837CRITICAL9.8ten sam vendor

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware ...

CVE-2017-8835CRITICAL9.8ten sam vendor

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...

CVE-2023-45744HIGH8.3ten sam vendor

A data integrity vulnerability exists in the web interface /cgi-bin/upload_config.cgi functionality of Peplink...

CVE-2023-49230HIGH8.8ten sam vendor

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals ...