module

Peplink Balance routers SQLi

Disclosed
N/A

Description

Firmware versions up to 7.0.0-build1904 of Peplink Balance routers are affected by an unauthenticated
SQL injection vulnerability in the bauth cookie. Successful exploitation allows an attacker to retrieve
the cookies of authenticated users and so bypass the web portal authentication.

By default, a session expires 4 hours after login (the admin can change this setting). For this
reason, the module attempts to retrieve the most recently created sessions.
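
The flaw class described above and its fix, as an added example that is not Peplink firmware code or part of the module: the `sessions` schema, the session IDs and both lookup functions are hypothetical, and the sample rows are constructed. It shows a quote in the `bauth` value reaching the SQL parser when the value is concatenated, next to a bound-parameter lookup that also enforces the 4-hour default lifetime on the server side.

```python
import sqlite3
import time

SESSION_TTL = 4 * 60 * 60  # default session lifetime from the description (4 hours)

def make_db(now):
    """Constructed in-memory session store; schema and rows are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions "
               "(sessionid TEXT PRIMARY KEY, username TEXT, created INTEGER)")
    db.executemany("INSERT INTO sessions VALUES (?, ?, ?)", [
        ("a3f1c0de", "admin", now - 600),          # 10 minutes old
        ("9b7e44aa", "readonly", now - 5 * 3600),  # 5 hours old, past the TTL
    ])
    return db

def lookup_vulnerable(db, bauth):
    """Cookie value concatenated into the statement text (the flaw class)."""
    sql = "SELECT username FROM sessions WHERE sessionid = '" + bauth + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_hardened(db, bauth, now):
    """Cookie value passed as a bound parameter, with a server-side expiry check."""
    row = db.execute(
        "SELECT username FROM sessions WHERE sessionid = ? AND created > ?",
        (bauth, now - SESSION_TTL),
    ).fetchone()
    return row[0] if row else None

def demo(now=None):
    now = int(time.time()) if now is None else now
    db = make_db(now)
    malformed = "abc'def"  # constructed cookie value containing a single quote
    try:
        lookup_vulnerable(db, malformed)
        parsed_as_sql = False
    except sqlite3.OperationalError:
        parsed_as_sql = True  # the quote changed the statement: data reached the parser
    return {
        "vulnerable_parses_cookie_as_sql": parsed_as_sql,
        "hardened_malformed": lookup_hardened(db, malformed, now),
        "hardened_valid": lookup_hardened(db, "a3f1c0de", now),
        "hardened_expired": lookup_hardened(db, "9b7e44aa", now),
    }

if __name__ == "__main__":
    print(demo())
```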