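PHP Security Vulnerability
CVE ID: CVE-2020-24246
Exploitation status: None yet
Patch status: N/A
Disclosure date: 2020-10-08
Vulnerability description
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
Remediation
We recommend updating the affected system or software to the latest version to fix the vulnerability.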
Reference links
- https://blog.bssi.fr/cve-2020-24246-leaking-source-file-using-the-web-admin-i...
- https://download.peplink.com/resources/firmware-8.1.0rc1-release-notes.pdf
Affected software
Entry 1, running in the following environments:

Type | Vendor | Product | Version | Affected range |
---|---|---|---|---|
System | peplink | balance_1350_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_20x_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_20_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_210_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_2500_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_305_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_30_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_30_lte_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_30_pro_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_310x_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_310_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_380_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_50_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_580_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_710_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_one_firmware | * | Up to (including) 8.1.0 |
System | peplink | balance_two_firmware | * | Up to (including) 8.1.0 |
System | peplink | epx_firmware | * | Up to (including) 8.1.0 |
System | peplink | fusionhub_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_700_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_classic_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_ent_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_ip55_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_m2m_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_mini_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_mk2_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_pro_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1_slim_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br1__ip67_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br2_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_br2_ip55_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd1_dome_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd2_dome_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd2_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd2_ip67_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd2_mini_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd4_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hd4_ip67_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_hotspot_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_on-the-go_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_transit_duo_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_transit_firmware | * | Up to (including) 8.1.0 |
System | peplink | max_transit_mini_firmware | * | Up to (including) 8.1.0 |
System | peplink | mbx_firmware | * | Up to (including) 8.1.0 |
System | peplink | mediafast_200_firmware | * | Up to (including) 8.1.0 |
System | peplink | mediafast_500_firmware | * | Up to (including) 8.1.0 |
System | peplink | mediafast_750_firmware | * | Up to (including) 8.1.0 |
System | peplink | mediafast_hd2_firmware | * | Up to (including) 8.1.0 |
System | peplink | mediafast_hd4_firmware | * | Up to (including) 8.1.0 |
System | peplink | sdx_firmware | * | Up to (including) 8.1.0 |
System | peplink | speedfusion_sfe_cam_firmware | * | Up to (including) 8.1.0 |
System | peplink | speedfusion_sfe_firmware | * | Up to (including) 8.1.0 |
System | peplink | surf_soho_firmware | * | Up to (including) 8.1.0 |
System | peplink | surf_soho_mk3_firmware | * | Up to (including) 8.1.0 |
System | peplink | ubr_lte_firmware | * | Up to (including) 8.1.0 |
Hardware | peplink | balance_1350 | hw2 | - |
Hardware | peplink | balance_20 | - | - |
Hardware | peplink | balance_20x | - | - |
Hardware | peplink | balance_210 | - | - |
Hardware | peplink | balance_2500 | - | - |
Hardware | peplink | balance_30 | - | - |
Hardware | peplink | balance_305 | hw2 | - |
Hardware | peplink | balance_30_lte | - | - |
Hardware | peplink | balance_30_pro | - | - |
Hardware | peplink | balance_310 | - | - |
Hardware | peplink | balance_310x | - | - |
Hardware | peplink | balance_380 | hw6 | - |
Hardware | peplink | balance_50 | - | - |
Hardware | peplink | balance_580 | hw2-3 | - |
Hardware | peplink | balance_710 | hw3 | - |
Hardware | peplink | balance_one | - | - |
Hardware | peplink | balance_two | - | - |
Hardware | peplink | epx | - | - |
Hardware | peplink | fusionhub | - | - |
Hardware | peplink | max_700 | - | - |
Hardware | peplink | max_br1_classic | hw2-3 | - |
Hardware | peplink | max_br1_ent | - | - |
Hardware | peplink | max_br1_ip55 | hw2-4 | - |
Hardware | peplink | max_br1_m2m | - | - |
Hardware | peplink | max_br1_mini | - | - |
Hardware | peplink | max_br1_mk2 | - | - |
Hardware | peplink | max_br1_pro | - | - |
Hardware | peplink | max_br1_slim | - | - |
Hardware | peplink | max_br1__ip67 | - | - |
Hardware | peplink | max_br2 | - | - |
Hardware | peplink | max_br2_ip55 | hw2-3 | - |
Hardware | peplink | max_hd1_dome | - | - |
Hardware | peplink | max_hd2 | - | - |
Hardware | peplink | max_hd2_dome | - | - |
Hardware | peplink | max_hd2_ip67 | - | - |
Hardware | peplink | max_hd2_mini | - | - |
Hardware | peplink | max_hd4 | - | - |
Hardware | peplink | max_hd4_ip67 | - | - |
Hardware | peplink | max_hotspot | - | - |
Hardware | peplink | max_on-the-go | hw2 | - |
Hardware | peplink | max_transit | - | - |
Hardware | peplink | max_transit_duo | - | - |
Hardware | peplink | max_transit_mini | - | - |
Hardware | peplink | mbx | - | - |
Hardware | peplink | mediafast_200 | - | - |
Hardware | peplink | mediafast_500 | - | - |
Hardware | peplink | mediafast_750 | - | - |
Hardware | peplink | mediafast_hd2 | - | - |
Hardware | peplink | mediafast_hd4 | - | - |
Hardware | peplink | sdx | - | - |
Hardware | peplink | speedfusion_sfe | - | - |
Hardware | peplink | speedfusion_sfe_cam | - | - |
Hardware | peplink | surf_soho | hw2 | - |
Hardware | peplink | surf_soho_mk3 | - | - |
Hardware | peplink | ubr_lte | - | - |
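- Attack vector: Network
- Attack complexity: Low
- Privileges required: None
- Scope: Unchanged
- User interaction: None
- Availability: None
- Confidentiality: High
- Integrity: None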
CWE-ID | Vulnerability type |
---|---|
NVD-CWE-noinfo | |
Exploit-related links
