CVE-2017-8841

Published: 05/06/2017 Updated: 13/08/2017
CVSS v2 Base Score: 7.5 | Impact Score: 7.8 | Exploitability Score: 8
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 755
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:C

Vulnerability Summary

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.

Vulnerable Product

peplink b305hw2 firmware 7.0.1

peplink 380hw6 firmware 7.0.1

peplink 580hw2 firmware 7.0.1

peplink 710hw3 firmware 7.0.1

peplink 1350hw2 firmware 7.0.1

peplink 2500 firmware 7.0.1

Exploits

X41 D-Sec GmbH Security Advisory: X41-2017-005

Multiple Vulnerabilities in peplink balance routers
===================================================

Overview
--------
Confirmed Affected Versions: 700-build1904
Confirmed Patched Versions: fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-701-build2093bin
Vulnerable Firmware: fw-b305hw2_380hw6_58 ...
Peplink version 700-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities ...