Vulnerabilities > Peplink

DATE CVE VULNERABILITY TITLE RISK
2023-12-28 CVE-2023-49228 Use of Hard-coded Credentials vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
high complexity
peplink CWE-798
6.4
2023-12-28 CVE-2023-49229 Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
network
low complexity
peplink CWE-862
4.3
2023-12-28 CVE-2023-49230 Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
network
low complexity
peplink CWE-862
8.8
2023-12-25 CVE-2023-49226 Command Injection vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
network
low complexity
peplink CWE-77
7.2
2023-10-11 CVE-2023-27380 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-28381 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-34354 Cross-site Scripting vulnerability in Peplink Surf Soho Firmware 6.3.5
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-79
5.4
2023-10-11 CVE-2023-34356 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-35193 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
2023-10-11 CVE-2023-35194 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8