Vulnerabilities > CVE-2020-24246 - Unspecified vulnerability in Peplink products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
Vulnerable Configurations
References
- https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/
- https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/
- https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf
- https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf