CVE-2023-49230

HIGH NUCLEI

Peplink Balance Two <8.4.0 - Auth Bypass

Title source: llm

Description

An issue was discovered in Peplink Balance Two before 8.4.0. A missing authorization check in captive portals allows attackers to modify the portals' configurations without prior authentication.

Nuclei Templates (1)

Peplink Balance Two before 8.4.0 - Unauthenticated Config Upload

HIGHVERIFIEDby srilakivarma

Shodan: html:"PEPLINK"

References (2)

[Third Party Advisory] https://www.synacktiv.com/publications%253Ffield_tags_target_id%253D4

[Exploit, Third Party Advisory] https://www.synacktiv.com/sites/default/files/2023-12/synacktiv-peplink-multiple-vulnerabilities.pdf

Scores

CVSS v3 8.8

EPSS 0.3108

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (1)

peplink/balance_two_firmware < 8.4.0

Published Dec 28, 2023

Tracked Since Feb 18, 2026