Authorization Bypass in Peplink Balance Two by Peplink Technologies
CVE-2023-49230

8.8HIGH

Key Information:

Vendor: Peplink Technologies
Vendor: CVE Published:; 28 December 2023

🔔 Create Peplink Technologies Vulnerability Alert

What is CVE-2023-49230?

A security flaw exists in Peplink Balance Two versions prior to 8.4.0 due to a missing authorization check in its captive portal functionality. This vulnerability allows unauthenticated attackers to alter the configurations of the portals, potentially compromising the integrity and security of the network. Proper authentication mechanisms should be enforced to mitigate this risk and protect sensitive settings from unauthorized changes.

References

https://www.synacktiv.com/publications%253Ffield_tags_tar...

https://www.synacktiv.com/sites/default/files/2023-12/syn...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2023
Vulnerability Reserved
Nov 24, 2023

CVE-2023-49230 Data

JSON