CVE-2023-49228
Description
Peplink Balance Two before 8.4.0 has hard-coded credentials on the console port, enabling physical attackers to gain root shell.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Peplink Balance Two before 8.4.0 has hard-coded credentials on the console port, enabling physical attackers to gain root shell.
Vulnerability
The Peplink Balance Two router, in versions prior to 8.4.0, uses hard-coded credentials for authentication on the console port. This vulnerability allows an attacker with physical access to bypass the intended authentication mechanism.
Exploitation
An attacker must have physical access to the device's console port and knowledge of the hard-coded credentials. By connecting to the console and authenticating with these credentials, the attacker can execute arbitrary commands.
Impact
Successful exploitation grants the attacker a root shell on the device, leading to full compromise of the router's confidentiality, integrity, and availability.
Mitigation
The issue is fixed in Peplink Balance Two firmware version 8.4.0. Users should update to this version or later. No workarounds are documented in the available references.
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Peplink/Balance Twodescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.