9.8
CVSSv3

CVE-2017-8837

Published: 05/06/2017 Updated: 03/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

peplink b305hw2 firmware 7.0.1

peplink 380hw6 firmware 7.0.1

peplink 580hw2 firmware 7.0.1

peplink 710hw3 firmware 7.0.1

peplink 1350hw2 firmware 7.0.1

peplink 2500 firmware 7.0.1

Exploits

X41 D-Sec GmbH Security Advisory: X41-2017-005 Multiple Vulnerabilities in peplink balance routers =================================================== Overview -------- Confirmed Affected Versions: 700-build1904 Confirmed Patched Versions: fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-701-build2093bin Vulnerable Firmware: fw-b305hw2_380hw6_58 ...
Peplink version 700-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities ...