CVE-2017-8837
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
El almacenamiento de contraseñas de texto sin cifrar se presenta en los dispositivos Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versión firmware anterior a fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-versión 7.0.1-build2093. Los archivos en cuestión son /etc/waipass y /etc/roapass. En caso de que uno de estos dispositivos se vea comprometido, el atacante puede conseguir acceso a las contraseñas y violarlas para comprometer otros sistemas.
Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-08 CVE Reserved
- 2017-06-05 CVE Published
- 2017-06-05 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-522: Insufficiently Protected Credentials
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/bugtraq/2017/Jun/1 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/142801 | 2017-06-05 | |
| https://www.exploit-db.com/exploits/42130 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink | 2019-10-03 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Peplink Search vendor "Peplink" | B305hw2 Firmware Search vendor "Peplink" for product "B305hw2 Firmware" | 7.0.1 Search vendor "Peplink" for product "B305hw2 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 305 Search vendor "Peplink" for product "Balance 305" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 380hw6 Firmware Search vendor "Peplink" for product "380hw6 Firmware" | 7.0.1 Search vendor "Peplink" for product "380hw6 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 380 Search vendor "Peplink" for product "Balance 380" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 580hw2 Firmware Search vendor "Peplink" for product "580hw2 Firmware" | 7.0.1 Search vendor "Peplink" for product "580hw2 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 580 Search vendor "Peplink" for product "Balance 580" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 710hw3 Firmware Search vendor "Peplink" for product "710hw3 Firmware" | 7.0.1 Search vendor "Peplink" for product "710hw3 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 710 Search vendor "Peplink" for product "Balance 710" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 1350hw2 Firmware Search vendor "Peplink" for product "1350hw2 Firmware" | 7.0.1 Search vendor "Peplink" for product "1350hw2 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 1350 Search vendor "Peplink" for product "Balance 1350" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 2500 Firmware Search vendor "Peplink" for product "2500 Firmware" | 7.0.1 Search vendor "Peplink" for product "2500 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 2500 Search vendor "Peplink" for product "Balance 2500" | - | - |
Safe
|