CVE-2017-8837

Published: 05/06/2017 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.

Vulnerable Product	Search on Vulmon	Subscribe to Product
peplink b305hw2 firmware 7.0.1
peplink 380hw6 firmware 7.0.1
peplink 580hw2 firmware 7.0.1
peplink 710hw3 firmware 7.0.1
peplink 1350hw2 firmware 7.0.1
peplink 2500 firmware 7.0.1

X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions: 700-build1904 Confirmed Patched Versions: fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-701-build2093bin Vulnerable Firmware: fw-b305hw2_380hw6_58 ...

Peplink version 700-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities ...

CWE-522 https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/http://seclists.org/bugtraq/2017/Jun/1 https://www.exploit-db.com/exploits/42130/https://nvd.nist.gov https://www.exploit-db.com/exploits/42130/

CVE-2017-8837

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect