// For flags

CVE-2017-8836

Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

Se presenta una vulnerabilidad de tipo CSRF en dispositivos Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versión de firmware anterior a fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Los scripts CGI en la interfaz administrativa están afectados. Esto permite que un atacante ejecute comandos, si un usuario ha iniciado sesión visita un sitio web malicioso. Esto puede ser usado, por ejemplo, para cambiar las credenciales de la interfaz web administrativa.

Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-05-08 CVE Reserved
  • 2017-06-05 CVE Published
  • 2017-06-05 First Exploit
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Peplink
Search vendor "Peplink"
 B305hw2 Firmware
Search vendor "Peplink" for product "B305hw2 Firmware"
 7.0.1
Search vendor "Peplink" for product "B305hw2 Firmware" and version "7.0.1"
-
Affected
in Peplink
Search vendor "Peplink"
 Balance 305
Search vendor "Peplink" for product "Balance 305"
--
Safe
Peplink
Search vendor "Peplink"
 380hw6 Firmware
Search vendor "Peplink" for product "380hw6 Firmware"
 7.0.1
Search vendor "Peplink" for product "380hw6 Firmware" and version "7.0.1"
-
Affected
in Peplink
Search vendor "Peplink"
 Balance 380
Search vendor "Peplink" for product "Balance 380"
--
Safe
Peplink
Search vendor "Peplink"
 580hw2 Firmware
Search vendor "Peplink" for product "580hw2 Firmware"
 7.0.1
Search vendor "Peplink" for product "580hw2 Firmware" and version "7.0.1"
-
Affected
in Peplink
Search vendor "Peplink"
 Balance 580
Search vendor "Peplink" for product "Balance 580"
--
Safe
Peplink
Search vendor "Peplink"
 710hw3 Firmware
Search vendor "Peplink" for product "710hw3 Firmware"
 7.0.1
Search vendor "Peplink" for product "710hw3 Firmware" and version "7.0.1"
-
Affected
in Peplink
Search vendor "Peplink"
 Balance 710
Search vendor "Peplink" for product "Balance 710"
--
Safe
Peplink
Search vendor "Peplink"
 1350hw2 Firmware
Search vendor "Peplink" for product "1350hw2 Firmware"
 7.0.1
Search vendor "Peplink" for product "1350hw2 Firmware" and version "7.0.1"
-
Affected
in Peplink
Search vendor "Peplink"
 Balance 1350
Search vendor "Peplink" for product "Balance 1350"
--
Safe
Peplink
Search vendor "Peplink"
 2500 Firmware
Search vendor "Peplink" for product "2500 Firmware"
 7.0.1
Search vendor "Peplink" for product "2500 Firmware" and version "7.0.1"
-
Affected
in Peplink
Search vendor "Peplink"
 Balance 2500
Search vendor "Peplink" for product "Balance 2500"
--
Safe