CVE-2017-8836

Published: 05/06/2017 Updated: 13/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows a malicious user to execute commands if a logged-in user visits a malicious website. This can, for example, be used to change the credentials of the administrative web interface.

Vulnerable Product

peplink b305hw2 firmware 7.0.1

peplink 380hw6 firmware 7.0.1

peplink 580hw2 firmware 7.0.1

peplink 710hw3 firmware 7.0.1

peplink 1350hw2 firmware 7.0.1

peplink 2500 firmware 7.0.1

Exploits

X41 D-Sec GmbH Security Advisory: X41-2017-005

Multiple Vulnerabilities in peplink balance routers
===================================================

Overview
--------
Confirmed Affected Versions: 700-build1904
Confirmed Patched Versions: fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-701-build2093bin
Vulnerable Firmware: fw-b305hw2_380hw6_58 ...

Peplink version 700-build1904 suffers from cross-site request forgery, cross-site scripting, file deletion, and remote SQL injection vulnerabilities ...