Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
eric sesterhenn vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-8838
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
Peplink B305hw2 Firmware 7.0.1
Peplink 380hw6 Firmware 7.0.1
Peplink 580hw2 Firmware 7.0.1
Peplink 710hw3 Firmware 7.0.1
Peplink 1350hw2 Firmware 7.0.1
Peplink 2500 Firmware 7.0.1
1 EDB exploit
9.8
CVSSv3
CVE-2017-8837
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised,...
Peplink B305hw2 Firmware 7.0.1
Peplink 380hw6 Firmware 7.0.1
Peplink 580hw2 Firmware 7.0.1
Peplink 710hw3 Firmware 7.0.1
Peplink 1350hw2 Firmware 7.0.1
Peplink 2500 Firmware 7.0.1
1 EDB exploit
8.1
CVSSv3
CVE-2017-8841
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.p...
Peplink B305hw2 Firmware 7.0.1
Peplink 380hw6 Firmware 7.0.1
Peplink 580hw2 Firmware 7.0.1
Peplink 710hw3 Firmware 7.0.1
Peplink 1350hw2 Firmware 7.0.1
Peplink 2500 Firmware 7.0.1
1 EDB exploit
5.3
CVSSv3
CVE-2017-15270
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by malicious users to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special chara...
Psftp Psftpd 10.0.4
1 EDB exploit
5.9
CVSSv3
CVE-2017-15271
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled malicious users to perform a very effective DoS attack agains...
Psftp Psftpd 10.0.4
1 EDB exploit
8.8
CVSSv3
CVE-2017-8836
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an malicious user to execute commands, if a logge...
Peplink B305hw2 Firmware 7.0.1
Peplink 380hw6 Firmware 7.0.1
Peplink 580hw2 Firmware 7.0.1
Peplink 710hw3 Firmware 7.0.1
Peplink 1350hw2 Firmware 7.0.1
Peplink 2500 Firmware 7.0.1
1 EDB exploit
6.1
CVSSv3
CVE-2017-8839
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
Peplink B305hw2 Firmware 7.0.1
Peplink 380hw6 Firmware 7.0.1
Peplink 580hw2 Firmware 7.0.1
Peplink 710hw3 Firmware 7.0.1
Peplink 1350hw2 Firmware 7.0.1
Peplink 2500 Firmware 7.0.1
1 EDB exploit
5.3
CVSSv3
CVE-2017-8840
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA G...
Peplink B305hw2 Firmware 7.0.1
Peplink 380hw6 Firmware 7.0.1
Peplink 580hw2 Firmware 7.0.1
Peplink 710hw3 Firmware 7.0.1
Peplink 1350hw2 Firmware 7.0.1
Peplink 2500 Firmware 7.0.1
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5