PT-2023-31120 · Peplink · Peplink Balance

Published: 2023-12-07 · Updated: 2024-01-03 · CVE-2023-49226

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Peplink Balance Two versions prior to 8.4.0

Description: An issue was discovered in the traceroute feature of the administration console, allowing command injection. This enables users with admin privileges to execute arbitrary commands as root.

Recommendations: For versions prior to 8.4.0, update to version 8.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the administration console and the traceroute feature to minimize the risk of exploitation.

Exploit

Fix

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2023-49226

Affected Products: Peplink Balance