CVE-2017-8840
Peplink Balance Routers 7.0.0-build1904 - SQL Injection / Cross-Site Scripting / Information Disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
Una divulgación de información de depuración se presenta en los dispositivos Peplink Balance 305, 380, 580, 710, 1350 y 2500 con versión firmware anterior a fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-versión 7.0.1-build2093. Una petición directa a cgi-bin/ HASync/hasync.cgi?Debug=1 muestra la Dirección LAN Maestra, el Número de Serial, el ID de Grupo HA, la IP Virtual y el syncid Enviado.
Peplink version 7.0.0-build1904 suffers from cross site request forgery, cross site scripting, file deletion, and remote SQL injection vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-05-08 CVE Reserved
- 2017-06-05 CVE Published
- 2017-06-05 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/bugtraq/2017/Jun/1 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/142801 | 2017-06-05 | |
| https://www.exploit-db.com/exploits/42130 | 2024-08-05 |
| URL | Date | SRC |
|---|---|---|
| https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink | 2017-08-13 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Peplink Search vendor "Peplink" | B305hw2 Firmware Search vendor "Peplink" for product "B305hw2 Firmware" | 7.0.1 Search vendor "Peplink" for product "B305hw2 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 305 Search vendor "Peplink" for product "Balance 305" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 380hw6 Firmware Search vendor "Peplink" for product "380hw6 Firmware" | 7.0.1 Search vendor "Peplink" for product "380hw6 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 380 Search vendor "Peplink" for product "Balance 380" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 580hw2 Firmware Search vendor "Peplink" for product "580hw2 Firmware" | 7.0.1 Search vendor "Peplink" for product "580hw2 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 580 Search vendor "Peplink" for product "Balance 580" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 710hw3 Firmware Search vendor "Peplink" for product "710hw3 Firmware" | 7.0.1 Search vendor "Peplink" for product "710hw3 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 710 Search vendor "Peplink" for product "Balance 710" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 1350hw2 Firmware Search vendor "Peplink" for product "1350hw2 Firmware" | 7.0.1 Search vendor "Peplink" for product "1350hw2 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 1350 Search vendor "Peplink" for product "Balance 1350" | - | - |
Safe
|
| Peplink Search vendor "Peplink" | 2500 Firmware Search vendor "Peplink" for product "2500 Firmware" | 7.0.1 Search vendor "Peplink" for product "2500 Firmware" and version "7.0.1" | - |
Affected
| in | Peplink Search vendor "Peplink" | Balance 2500 Search vendor "Peplink" for product "Balance 2500" | - | - |
Safe
|