Background
Recently, we have communicated with a security research lab that has informed us that they have found several vulnerabilities in Peplink firmware version 8.3.0. Here are the details:
-
Lack of authorization on portals (CVE-2023-49229)
-
Secrets accessible to read-only users (CVE-2023-49230)
Products
The vulnerabilities were identified in the Peplink Balance, MAX, MediaFast, Surf SOHO, and FusionHub product families in the firmware version 8.3.0.
Solution
It has been fixed in the firmware version 8.4.0, which can be downloaded here.
Published: 2023-12-29