Peplink Security Advisory: Firmware 8.3.0 - Multiple Vulnerabilities (CVE-2023-49229, CVE-2023-49230)

Recently, we have communicated with a security research lab that has informed us that they have found several vulnerabilities in Peplink firmware version 8.3.0. Here are the details:

  1. Lack of authorization on portals (CVE-2023-49229)

  2. Secrets accessible to read-only users (CVE-2023-49230)

The vulnerabilities were identified in the Peplink Balance, MAX, MediaFast, Surf SOHO, and FusionHub product families in the firmware version 8.3.0.

It has been fixed in the firmware version 8.4.0, which can be downloaded here.

Published: 2023-12-29

1 Like