CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 2CVE-2017-8837 – Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-8837
05 Jun 2017 — Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems. El almacenamiento de contraseñas de texto sin cifrar se presenta en los dispositivos Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versió... • https://packetstorm.news/files/id/142801 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 2CVE-2017-8838 – Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-8838
05 Jun 2017 — XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi. Una vulnerabilidad de tipo XSS por medio de syncid se presenta en los dispositivos Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versión de firmware anterior a fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-versión 7.0.1-build2093. El script afectado está en el archivo cgi-bin/HASync/hasync... • https://packetstorm.news/files/id/142801 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 2CVE-2017-8841 – Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
https://notcve.org/view.php?id=CVE-2017-8841
05 Jun 2017 — Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter. Una eliminación de archivos arbitraria se presenta en los dispositivos de Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versión firmware anterior a fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-versión 7.0.1-buil... • https://packetstorm.news/files/id/142801 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •