Vulnerability Details CVE-2020-24246
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/
- https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf
- https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/
- https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf
Products affected by CVE-2020-24246
-
cpe:2.3:h:peplink:balance_1350:hw2
-
cpe:2.3:h:peplink:balance_20:-
-
cpe:2.3:h:peplink:balance_20x:-
-
cpe:2.3:h:peplink:balance_210:-
-
cpe:2.3:h:peplink:balance_2500:-
-
cpe:2.3:h:peplink:balance_305:hw2
-
cpe:2.3:h:peplink:balance_30:-
-
cpe:2.3:h:peplink:balance_30_lte:-
-
cpe:2.3:h:peplink:balance_30_pro:-
-
cpe:2.3:h:peplink:balance_310:-
-
cpe:2.3:h:peplink:balance_310x:-
-
cpe:2.3:h:peplink:balance_380:hw6
-
cpe:2.3:h:peplink:balance_50:-
-
cpe:2.3:h:peplink:balance_580:hw2-3
-
cpe:2.3:h:peplink:balance_710:hw3
-
cpe:2.3:h:peplink:balance_one:-
-
cpe:2.3:h:peplink:balance_two:-
-
cpe:2.3:h:peplink:epx:-
-
cpe:2.3:h:peplink:fusionhub:-
-
cpe:2.3:h:peplink:max_700:-
-
cpe:2.3:h:peplink:max_br1__ip67:-
-
cpe:2.3:h:peplink:max_br1_classic:hw2-3
-
cpe:2.3:h:peplink:max_br1_ent:-
-
cpe:2.3:h:peplink:max_br1_ip55:hw2-4
-
cpe:2.3:h:peplink:max_br1_m2m:-
-
cpe:2.3:h:peplink:max_br1_mini:-
-
cpe:2.3:h:peplink:max_br1_mk2:-
-
cpe:2.3:h:peplink:max_br1_pro:-
-
cpe:2.3:h:peplink:max_br1_slim:-
-
cpe:2.3:h:peplink:max_br2:-
-
cpe:2.3:h:peplink:max_br2_ip55:hw2-3
-
cpe:2.3:h:peplink:max_hd1_dome:-
-
cpe:2.3:h:peplink:max_hd2:-
-
cpe:2.3:h:peplink:max_hd2_dome:-
-
cpe:2.3:h:peplink:max_hd2_ip67:-
-
cpe:2.3:h:peplink:max_hd2_mini:-
-
cpe:2.3:h:peplink:max_hd4:-
-
cpe:2.3:h:peplink:max_hd4_ip67:-
-
cpe:2.3:h:peplink:max_hotspot:-
-
cpe:2.3:h:peplink:max_on-the-go:hw2
-
cpe:2.3:h:peplink:max_transit:-
-
cpe:2.3:h:peplink:max_transit_duo:-
-
cpe:2.3:h:peplink:max_transit_mini:-
-
cpe:2.3:h:peplink:mbx:-
-
cpe:2.3:h:peplink:mediafast_200:-
-
cpe:2.3:h:peplink:mediafast_500:-
-
cpe:2.3:h:peplink:mediafast_750:-
-
cpe:2.3:h:peplink:mediafast_hd2:-
-
cpe:2.3:h:peplink:mediafast_hd4:-
-
cpe:2.3:h:peplink:sdx:-
-
cpe:2.3:h:peplink:speedfusion_sfe:-
-
cpe:2.3:h:peplink:speedfusion_sfe_cam:-
-
cpe:2.3:h:peplink:surf_soho:hw2
-
cpe:2.3:h:peplink:surf_soho_mk3:-
-
cpe:2.3:h:peplink:ubr_lte:-
-
cpe:2.3:o:peplink:balance_1350_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_20_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_20x_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_210_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_2500_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_305_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_30_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_30_lte_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_30_pro_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_310_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_310x_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_380_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_50_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_580_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_710_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_one_firmware:8.1.0
-
cpe:2.3:o:peplink:balance_two_firmware:8.1.0
-
cpe:2.3:o:peplink:epx_firmware:8.1.0
-
cpe:2.3:o:peplink:fusionhub_firmware:8.1.0
-
cpe:2.3:o:peplink:max_700_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1__ip67_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_classic_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_ent_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_ip55_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_m2m_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_mini_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_mk2_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_pro_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br1_slim_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br2_firmware:8.1.0
-
cpe:2.3:o:peplink:max_br2_ip55_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd1_dome_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd2_dome_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd2_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd2_ip67_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd2_mini_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd4_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hd4_ip67_firmware:8.1.0
-
cpe:2.3:o:peplink:max_hotspot_firmware:8.1.0
-
cpe:2.3:o:peplink:max_on-the-go_firmware:8.1.0
-
cpe:2.3:o:peplink:max_transit_duo_firmware:8.1.0
-
cpe:2.3:o:peplink:max_transit_firmware:8.1.0
-
cpe:2.3:o:peplink:max_transit_mini_firmware:*
-
cpe:2.3:o:peplink:mbx_firmware:*
-
cpe:2.3:o:peplink:mediafast_200_firmware:*
-
cpe:2.3:o:peplink:mediafast_500_firmware:*
-
cpe:2.3:o:peplink:mediafast_750_firmware:*
-
cpe:2.3:o:peplink:mediafast_hd2_firmware:*
-
cpe:2.3:o:peplink:mediafast_hd4_firmware:*
-
cpe:2.3:o:peplink:sdx_firmware:*
-
cpe:2.3:o:peplink:speedfusion_sfe_cam_firmware:*
-
cpe:2.3:o:peplink:speedfusion_sfe_firmware:*
-
cpe:2.3:o:peplink:surf_soho_firmware:6.3.5
-
cpe:2.3:o:peplink:surf_soho_mk3_firmware:*
-
cpe:2.3:o:peplink:ubr_lte_firmware:*