module
Peplink Balance routers SQLi
| Disclosed | Created |
|---|---|
| N/A | Aug 28, 2020 |
Disclosed
N/A
Created
Aug 28, 2020
Description
Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated
SQL injection vulnerability in the bauth cookie, successful exploitation of the vulnerability allows an
attacker to retrieve the cookies of authenticated users, bypassing the web portal authentication.
By default, a session expires 4 hours after login (the setting can be changed by the admin), for this
reason, the module attempts to retrieve the most recently created sessions.
SQL injection vulnerability in the bauth cookie, successful exploitation of the vulnerability allows an
attacker to retrieve the cookies of authenticated users, bypassing the web portal authentication.
By default, a session expires 4 hours after login (the setting can be changed by the admin), for this
reason, the module attempts to retrieve the most recently created sessions.
Authors
Platform
Linux
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.