{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-07T15:10:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-24246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf", "refsource": "MISC", "url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"}, {"name": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/", "refsource": "MISC", "url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:12:08.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-24246", "datePublished": "2020-10-07T15:10:19", "dateReserved": "2020-08-13T00:00:00", "dateUpdated": "2024-08-04T15:12:08.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_20x:-:*:*:*:*:*:*:*", "matchCriteriaId": "31ED2710-380A-4985-B2DA-3BA1552382CD", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_20x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D9FF1C8-C6F4-4C7F-8558-BFA77BAC1566", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_310x:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1C2C614-5FB4-4805-8802-F45898EEDF1A", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_310x_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8EA548F5-8E47-4C4C-80B7-2B6BBE831682", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:mbx:-:*:*:*:*:*:*:*", "matchCriteriaId": "D3730248-3DA8-4371-91D4-2445917E014C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:mbx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AF0FD2EA-0CF6-49EC-B01E-8A7C3BB73F9A", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:epx:-:*:*:*:*:*:*:*", "matchCriteriaId": "120EBBD2-1CC0-4D3B-B1DE-444E7FB307D8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:epx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BD63B7F-636D-4CB8-B7ED-34B00EB2C8CE", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:sdx:-:*:*:*:*:*:*:*", "matchCriteriaId": "CB0A56F4-9421-4DE1-B7AD-9462F5E31907", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:sdx_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEB167E8-61AC-48E3-BA76-7F7B6CBC90F3", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_30_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "9CB79658-59B6-4FDA-BCD8-3C06A642F4EE", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_30_lte_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C7C2924-C7D8-4609-A2F6-DF130EF239CA", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_20:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E97ECFF-83CE-4671-867E-D036C29C3F63", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_20_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B4A4CB02-91F0-4968-A597-7CFDBAC8161E", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_30:-:*:*:*:*:*:*:*", "matchCriteriaId": "88D5A8A9-2387-4C30-B064-19CB2281822C", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_30_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEF31535-9D71-41EC-A432-8DDA08383172", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_30_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "47E2EE81-B6A5-48E9-8C8A-98186187D46C", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_30_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "EC56A95A-1203-42F1-8994-4B6F333B1443", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C4CE3AC-0FB9-4DEF-8C6B-76EFBD41D5FF", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "C725DE2D-1E47-4F41-BE63-51413EB9A8D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C4CE3AC-0FB9-4DEF-8C6B-76EFBD41D5FF", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "C725DE2D-1E47-4F41-BE63-51413EB9A8D8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_one_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E1AE604A-C1B0-4EBC-A3DB-994D1FECA5B4", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_one:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3F33BB5-1CDB-4DE1-A245-A33A4A0B876B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_two_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBFC8E2-CD1A-42BC-BF44-7BD4FF80141E", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_two:-:*:*:*:*:*:*:*", "matchCriteriaId": "C38FC37D-0615-48E2-9419-496E62679C4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4555C651-8B0E-4A24-8361-3C9A4251A85B", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "69FF95E9-ED96-4057-947B-7F927793627D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4555C651-8B0E-4A24-8361-3C9A4251A85B", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "69FF95E9-ED96-4057-947B-7F927793627D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_310_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "36905AED-A2B0-4485-A6CA-335E6DFBAFE1", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_310:-:*:*:*:*:*:*:*", "matchCriteriaId": "51ABE09D-F16A-4180-9C5C-02E825EF5F9E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_305_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "70C57D5E-B8A7-45BC-AADD-29C91D0A330E", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_305:hw2:*:*:*:*:*:*:*", "matchCriteriaId": "F0B99871-6032-4067-90F1-5534AED66C08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_380_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B3C834C-3881-4BA9-B472-C047296CE240", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_380:hw6:*:*:*:*:*:*:*", "matchCriteriaId": "5FA3555D-DCFA-4455-95C0-5C00AA4E369F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_580_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D5F7C3CC-810E-4E39-A541-0799B29D2BE0", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_580:hw2-3:*:*:*:*:*:*:*", "matchCriteriaId": "356B3A44-4F4D-4457-88F3-8D60E98CD492", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_710_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EA496D3B-134A-4E63-8A6E-BFD457D04F67", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_710:hw3:*:*:*:*:*:*:*", "matchCriteriaId": "DE2D6EDB-3AC4-4242-84A5-BF33F6E616AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_1350_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0409C04A-EE3B-4C71-8D3D-AF23F97DA369", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_1350:hw2:*:*:*:*:*:*:*", "matchCriteriaId": "84E0C470-D29C-4D66-A9E4-BFDA87727758", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:balance_2500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "68D9CE04-6F1B-4A70-A2D0-E889B605FA13", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5058786-C405-4524-BD0C-0F08CB20C580", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_mk2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2617DE3E-D8B7-47B4-B145-3BD9B1469ACE", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_mk2:-:*:*:*:*:*:*:*", "matchCriteriaId": "2F4FCA49-4F07-417D-A80D-B3F6504C121A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_classic_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "94C3C21B-A4AB-4C9D-9716-8E10634A1D8F", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_classic:hw2-3:*:*:*:*:*:*:*", "matchCriteriaId": "34647945-EFAD-4CDB-BEDF-740857675828", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_slim_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "777D2EC4-82E2-410D-A589-59B87C2B820A", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_slim:-:*:*:*:*:*:*:*", "matchCriteriaId": "F4C67293-4BDB-4936-AE09-1958F6EF9128", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_mini_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A8F84D7-58A8-4B07-91EC-56014DAA974E", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_mini:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3D9C66D-A37A-4B8B-8E36-68CBDB832683", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_m2m_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B57D2FFD-9DBD-4B54-8FEC-12F09239E9E1", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_m2m:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED626396-FBB8-4611-B60D-EE662D8D23C8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_ent_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2A397D23-4501-4ADB-A9B4-4DED0743B5E1", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_ent:-:*:*:*:*:*:*:*", "matchCriteriaId": "06797426-E425-4CB5-9B07-8A361C17CF96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_pro_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "20DD3DB4-8FC7-4F6B-AE6D-05EB5EC603D6", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_pro:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FFFFD3E-5BC3-4595-ACE5-A540CDEF7033", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1__ip67_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7191D1E1-9BE6-449F-AAC8-1FF19E3BDB21", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1__ip67:-:*:*:*:*:*:*:*", "matchCriteriaId": "DBD85671-31F4-4AE6-AC03-20FBB367A0A8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E828CAC-ABDA-4577-9632-A9243EDC80C3", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br2:-:*:*:*:*:*:*:*", "matchCriteriaId": "15A9B1A8-BC46-4563-9A81-9132FEAE06BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br1_ip55_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F23641CB-88B3-42F7-A3CF-2710EE50D82F", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br1_ip55:hw2-4:*:*:*:*:*:*:*", "matchCriteriaId": "F8BF261C-104E-42F1-8BA3-58C795A99659", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_br2_ip55_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4038F65A-18BA-47D3-9E84-F7F4C819BB09", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_br2_ip55:hw2-3:*:*:*:*:*:*:*", "matchCriteriaId": "E777378F-B136-4E7C-B224-FD0A979C62D9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd2_ip67_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B81C984C-9D3D-4B7A-A71C-63E91DAE4C45", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd2_ip67:-:*:*:*:*:*:*:*", "matchCriteriaId": "B4656C71-82EF-492E-970F-FBDD5878181F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd2_mini_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E385EC2E-810B-4CC6-8A0E-1939F84B27B8", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd2_mini:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D4F4A79-DC24-4F4D-B880-DC5058CEB2E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8C4C531-A983-4D47-8B5D-AFA3BFC647CB", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "96F178E0-7513-4C77-A9D2-E77A81D121D3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd1_dome_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82257F6E-B375-4EFB-991B-C8E48A46B5C2", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd1_dome:-:*:*:*:*:*:*:*", "matchCriteriaId": "6A260043-AE33-4D57-864B-FE26F8E3FDD6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd2_dome_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA4967C1-1B75-4FF0-8C4E-89132BDF0BB0", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd2_dome:-:*:*:*:*:*:*:*", "matchCriteriaId": "26F35AE8-A8D6-4DE3-872E-D2D5A490B241", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EBFE245F-2A40-4FBA-A10E-A1D0FB203AD7", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd4:-:*:*:*:*:*:*:*", "matchCriteriaId": "5F65EAE1-7791-4B59-8A37-638F498DCB1E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hd4_ip67_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BD51258-E260-43A2-90BD-9A8808A0214D", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hd4_ip67:-:*:*:*:*:*:*:*", "matchCriteriaId": "C92BBF93-D478-44D8-A518-63FF54A87457", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_transit_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02335BDF-76C9-4C35-8136-84F2DF10F021", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_transit:-:*:*:*:*:*:*:*", "matchCriteriaId": "07F4D14E-F443-435D-8EBE-746DEC913F18", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_transit_duo_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C529D8A6-7008-4FD8-935C-1C56623C6AC8", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_transit_duo:-:*:*:*:*:*:*:*", "matchCriteriaId": "793363AA-5B1A-4678-9DCC-48466A98B6F6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_transit_mini_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2B04A6FE-DB23-45AE-A280-921A27AD24C0", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_transit_mini:-:*:*:*:*:*:*:*", "matchCriteriaId": "44C9BCF1-CC51-4038-B9C7-A00463B426C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_hotspot_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5731E381-DA84-4046-AF4D-4FB59C85EDD8", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_hotspot:-:*:*:*:*:*:*:*", "matchCriteriaId": "A821CF64-D19E-4F8A-8652-EE3403DC9F08", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_on-the-go_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13A4D71E-7119-415D-9B77-C1967DAD6B98", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_on-the-go:hw2:*:*:*:*:*:*:*", "matchCriteriaId": "6B8970F7-D063-43CA-8A2E-FEF667B75431", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:max_700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "745FC5C1-32D6-476B-8EDE-27EAA6623E3A", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:max_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "8A836592-94DD-4CEB-A5FC-6742E45F0C38", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:ubr_lte_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "77ECA737-B779-4997-AD6A-941E0BDA8E8D", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:ubr_lte:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB37C540-3176-4B6C-9D12-55FD82559C4E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:surf_soho_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F471E9AC-1BA7-4F6A-BA64-F28B4688344B", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:surf_soho:hw2:*:*:*:*:*:*:*", "matchCriteriaId": "CF843B6A-DA62-4CD8-89F1-5A1AC2C5780D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:surf_soho_mk3_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4577AEB8-AD21-4B73-86C1-2A038C81D4A0", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:surf_soho_mk3:-:*:*:*:*:*:*:*", "matchCriteriaId": "25FE9DD3-7262-4C85-A7EC-0D30545D7C4D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:mediafast_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E391695C-A2B6-4FED-A5DE-4E859C80BD11", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:mediafast_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "7788912A-98D6-479E-9936-C5B4BD111850", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:mediafast_500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEB72E7E-5E61-48C3-BE28-4B0BD13D522A", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:mediafast_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "F724D696-D8BF-4873-9F0A-E6846229D1F9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:mediafast_750_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "31DE35AB-DEF7-42F8-99BD-D81497A6372B", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:mediafast_750:-:*:*:*:*:*:*:*", "matchCriteriaId": "4608AF2A-E42E-42EB-B94F-E920835B2C24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:mediafast_hd2_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E05BE02-9B2E-4BF1-A91F-F21B36830B1B", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:mediafast_hd2:-:*:*:*:*:*:*:*", "matchCriteriaId": "F168E727-7373-4C68-AD9E-4BE7F1FA62C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:mediafast_hd4_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "05BC233E-40AE-4EEC-9DAD-7DDC6C3DDEE0", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:mediafast_hd4:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFB8963C-BEC0-4BA1-BC51-379E520D0C0A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:speedfusion_sfe_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "93C01035-3353-4CAE-8061-18A4C4429C05", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:speedfusion_sfe:-:*:*:*:*:*:*:*", "matchCriteriaId": "763AE9F8-1D4F-440C-98A7-11F3CDC88AF2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:speedfusion_sfe_cam_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D845A3F-CCFC-4FFB-A142-31F98EC156EE", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:speedfusion_sfe_cam:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B723CA-ACC0-4A7E-85E8-A7570FF1C127", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:peplink:fusionhub_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F300118-C305-4832-B9A1-0413DF23962B", "versionEndIncluding": "8.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:peplink:fusionhub:-:*:*:*:*:*:*:*", "matchCriteriaId": "880085F7-5E68-45A2-AD89-8C0649544183", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin."}, {"lang": "es", "value": "Peplink Balance versiones anteriores a 8.1.0rc1, permite a un atacante no autenticado descargar archivos de configuraci\u00f3n PHP (archivo /filemanager/php/connector.php) desde Web Admin"}], "id": "CVE-2020-24246", "lastModified": "2020-10-23T02:22:38.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-07T16:15:16.640", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-interface-of-peplink-balance/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}