Vulnerabilities > CVE-2020-24246 - Unspecified vulnerability in Peplink products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

peplink

NVD

Published: 2020-10-07

Updated: 2020-10-23

Summary

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.

Vulnerable Configurations

Part	Description	Count
OS	Peplink Peplink Balance 20X Firmware 8.1.0 Peplink Balance 310X Firmware 8.1.0 Peplink MBX Firmware * Peplink EPX Firmware 8.1.0 Peplink SDX Firmware * Peplink Balance 30 LTE Firmware 8.1.0 Peplink Balance 20 Firmware 8.1.0 Peplink Balance 30 Firmware 8.1.0 Peplink Balance 30 PRO Firmware 8.1.0 Peplink Balance 50 Firmware 8.1.0 Peplink Balance ONE Firmware 8.1.0 Peplink Balance TWO Firmware 8.1.0 Peplink Balance 210 Firmware 8.1.0 Peplink Balance 310 Firmware 8.1.0 Peplink Balance 305 Firmware 8.1.0 Peplink Balance 380 Firmware 8.1.0 Peplink Balance 580 Firmware 8.1.0 Peplink Balance 710 Firmware 8.1.0 Peplink Balance 1350 Firmware 8.1.0 Peplink Balance 2500 Firmware 8.1.0 Peplink MAX BR1 MK2 Firmware 8.1.0 Peplink MAX BR1 Classic Firmware 8.1.0 Peplink MAX BR1 Slim Firmware 8.1.0 Peplink MAX BR1 Mini Firmware 8.1.0 Peplink MAX BR1 M2M Firmware 8.1.0 Peplink MAX BR1 ENT Firmware 8.1.0 Peplink MAX BR1 PRO Firmware 8.1.0 Peplink MAX BR1 Ip67 Firmware 8.1.0 Peplink MAX BR2 Firmware 8.1.0 Peplink MAX BR1 Ip55 Firmware 8.1.0 Peplink MAX BR2 Ip55 Firmware 8.1.0 Peplink MAX HD2 Ip67 Firmware 8.1.0 Peplink MAX HD2 Mini Firmware 8.1.0 Peplink MAX HD2 Firmware 8.1.0 Peplink MAX HD1 Dome Firmware 8.1.0 Peplink MAX HD2 Dome Firmware 8.1.0 Peplink MAX HD4 Firmware 8.1.0 Peplink MAX HD4 Ip67 Firmware 8.1.0 Peplink MAX Transit Firmware 8.1.0 Peplink MAX Transit DUO Firmware 8.1.0 Peplink MAX Transit Mini Firmware * Peplink MAX Hotspot Firmware 8.1.0 Peplink MAX ON THE GO Firmware 8.1.0 Peplink MAX 700 Firmware 8.1.0 Peplink UBR LTE Firmware * Peplink Surf Soho Firmware 6.3.5 Peplink Surf Soho MK3 Firmware * Peplink Mediafast 200 Firmware * Peplink Mediafast 500 Firmware * Peplink Mediafast 750 Firmware * Peplink Mediafast HD2 Firmware * Peplink Mediafast HD4 Firmware * Peplink Speedfusion SFE Firmware * Peplink Speedfusion SFE CAM Firmware * Peplink Fusionhub Firmware 8.1.0	55
Hardware	Peplink Peplink Balance 20X - Peplink Balance 310X - Peplink MBX - Peplink EPX - Peplink SDX - Peplink Balance 30 LTE - Peplink Balance 20 - Peplink Balance 30 - Peplink Balance 30 PRO - Peplink Balance 50 - Peplink Balance ONE - Peplink Balance TWO - Peplink Balance 210 - Peplink Balance 310 - Peplink Balance 305 Hw2 Peplink Balance 380 Hw6 Peplink Balance 580 Hw2-3 Peplink Balance 710 Hw3 Peplink Balance 1350 Hw2 Peplink Balance 2500 - Peplink MAX BR1 MK2 - Peplink MAX BR1 Classic Hw2-3 Peplink MAX BR1 Slim - Peplink MAX BR1 Mini - Peplink MAX BR1 M2M - Peplink MAX BR1 ENT - Peplink MAX BR1 PRO - Peplink MAX BR1 Ip67 - Peplink MAX BR2 - Peplink MAX BR1 Ip55 Hw2-4 Peplink MAX BR2 Ip55 Hw2-3 Peplink MAX HD2 Ip67 - Peplink MAX HD2 Mini - Peplink MAX HD2 - Peplink MAX HD1 Dome - Peplink MAX HD2 Dome - Peplink MAX HD4 - Peplink MAX HD4 Ip67 - Peplink MAX Transit - Peplink MAX Transit DUO - Peplink MAX Transit Mini - Peplink MAX Hotspot - Peplink MAX ON THE GO Hw2 Peplink MAX 700 - Peplink UBR LTE - Peplink Surf Soho Hw2 Peplink Surf Soho MK3 - Peplink Mediafast 200 - Peplink Mediafast 500 - Peplink Mediafast 750 - Peplink Mediafast HD2 - Peplink Mediafast HD4 - Peplink Speedfusion SFE - Peplink Speedfusion SFE CAM - Peplink Fusionhub -	55

Summary

Vulnerable Configurations

References