Vulnerabilities > Peplink > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-28 CVE-2023-49230 Missing Authorization vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
network
low complexity
peplink CWE-862
8.8
8.8
2023-12-25 CVE-2023-49226 Command Injection vulnerability in Peplink Balance TWO Firmware 8.1.0
An issue was discovered in Peplink Balance Two before 8.4.0.
network
low complexity
peplink CWE-77
7.2
7.2
2023-10-11 CVE-2023-27380 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-28381 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-34356 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-35193 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2023-10-11 CVE-2023-35194 OS Command Injection vulnerability in Peplink Surf Soho Firmware 6.3.5
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU).
network
low complexity
peplink CWE-78
8.8
8.8
2017-06-05 CVE-2017-8841 Path Traversal vulnerability in Peplink products
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network
low complexity
peplink CWE-22
7.5
7.5
2017-06-05 CVE-2017-8835 SQL Injection vulnerability in Peplink products
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093.
network
low complexity
peplink CWE-89
7.5
7.5