Recently, a security research lab has informed us that they have found several vulnerabilities affecting multiple vendors. For Peplink firmware, it affects 7.0 and 6.3.3. Here are the details:
The vulnerabilities were identified in the Balance, MAX, MediaFast, Surf SOHO, and FusionHub product families for firmware versions 7.0 and below. AP series are not affected.
Option 1 - Upgrade Firmware: Upgrade the firmware of your router to Firmware 7.0.1 or Firmware 6.3.4 as soon as possible. Here is the download link.
Option 2 - Defensive Steps: If an end user is unable to upgrade firmware, or cannot risk testing this in a critical production network, they should:
Switch Web Admin Access from LAN/WAN to LAN Only (System>Admin Security) - Most secure -or- Limit the “Allowed Source IP Subnets” to known safe WAN IPs that they could administer the router from