Design/Logic Flaw

2020-10-0716:15:00

PRIOn knowledge base

www.prio-n.com

0.003 Low

EPSS

Percentile

68.8%

JSON

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.

CPENameOperatorVersion
balance_1350_firmwarele8.1.0
balance_20_firmwarele8.1.0
balance_20x_firmwarele8.1.0
balance_210_firmwarele8.1.0
balance_210_firmwarele8.1.0
balance_2500_firmwarele8.1.0
balance_305_firmwarele8.1.0
balance_30_firmwarele8.1.0
balance_30_lte_firmwarele8.1.0
balance_30_pro_firmwarele8.1.0

Name	Operator	Version
balance_1350_firmware	le	8.1.0
balance_20_firmware	le	8.1.0
balance_20x_firmware	le	8.1.0
balance_210_firmware	le	8.1.0
balance_210_firmware	le	8.1.0
balance_2500_firmware	le	8.1.0
balance_305_firmware	le	8.1.0
balance_30_firmware	le	8.1.0
balance_30_lte_firmware	le	8.1.0
balance_30_pro_firmware	le	8.1.0