Known Vulnerabilities for products from Peplink

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Peplink".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Additional devices specifications by Peplink can be found at device.report : Peplink

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-57920 json Not Provided 2026-06-26 2026-06-26
CVE-2023-49230 json 8.8 - HIGH 2023-12-28 2024-01-04
CVE-2023-49229 json 4.3 - MEDIUM 2023-12-28 2024-01-04
CVE-2023-49228 json 6.4 - MEDIUM 2023-12-28 2024-01-04
CVE-2023-49226 json 7.2 - HIGH 2023-12-25 2024-01-03
CVE-2023-35194 json An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-35193 json An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-34356 json An OS command injection vulnerability exists in the data.cgi xfer_dns functionality of peplink Surf SOHO HW1 v6.3.5 (in QEMU)... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-34354 json A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of peplink Surf SOHO HW1 v6.3.... 5.4 - MEDIUM 2023-10-11 2023-10-17
CVE-2023-28381 json An OS command injection vulnerability exists in the admin.cgi MVPN_trial_init functionality of peplink Surf SOHO HW1 v6.3.5 (... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2023-27380 json An OS command injection vulnerability exists in the admin.cgi USSD_send functionality of peplink Surf SOHO HW1 v6.3.5 (in QEM... 8.8 - HIGH 2023-10-11 2023-10-18
CVE-2020-24246 json Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/conn... 7.5 - HIGH 2020-10-07 2020-10-23
CVE-2017-8841 json Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_... Not Provided 2017-06-05 2025-04-20
CVE-2017-8840 json Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30... Not Provided 2017-06-05 2025-04-20
CVE-2017-8839 json XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_... Not Provided 2017-06-05 2025-04-20
CVE-2017-8838 json XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_58... Not Provided 2017-06-05 2025-04-20
CVE-2017-8837 json Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305h... Not Provided 2017-06-05 2025-04-20
CVE-2017-8836 json CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw... Not Provided 2017-06-05 2025-04-20
CVE-2017-8835 json SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580... Not Provided 2017-06-05 2025-04-20

Known software with vulnerabilities from Peplink

Type Vendor Product Version
HardwarePeplinkBalance 1350hw2
Operating
System		PeplinkBalance 1350 Firmware8.1.0
HardwarePeplinkBalance 20-
HardwarePeplinkBalance 20x-
Operating
System		PeplinkBalance 20x Firmware8.1.0
Operating
System		PeplinkBalance 20 Firmware8.1.0
HardwarePeplinkBalance 210-
Operating
System		PeplinkBalance 210 Firmware8.1.0
Operating
System		PeplinkBalance 2500 Firmware8.1.0
HardwarePeplinkBalance 30-
HardwarePeplinkBalance 305hw2
Operating
System		PeplinkBalance 305 Firmware8.1.0
Operating
System		PeplinkBalance 30 Firmware8.1.0
HardwarePeplinkBalance 30 Lte-
Operating
System		PeplinkBalance 30 Lte Firmware8.1.0
HardwarePeplinkBalance 30 Pro-
Operating
System		PeplinkBalance 30 Pro Firmware8.1.0
HardwarePeplinkBalance 310-
HardwarePeplinkBalance 310x-
Operating
System		PeplinkBalance 310x Firmware8.1.0
Results limited to 20 most recent known configurations
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report