CyberSec.Space Logo
Back to CVE Browser

CVE-2017-8836

HIGH
8.8
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile18.49th
PublishedJun 5, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

Affected Platforms (CPE)

πŸ’»
Peplink

B305hw2 Firmware

= 7.0.1
πŸ’»
Peplink

380hw6 Firmware

= 7.0.1
πŸ’»
Peplink

580hw2 Firmware

= 7.0.1
πŸ’»
Peplink

710hw3 Firmware

= 7.0.1
πŸ’»
Peplink

1350hw2 Firmware

= 7.0.1
πŸ’»
Peplink

2500 Firmware

= 7.0.1

References & Advisories

πŸ”— http://seclists.org/bugtraq/2017/Jun/1
πŸ”— https://www.exploit-db.com/exploits/42130/
πŸ”— https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/
πŸ”— http://seclists.org/bugtraq/2017/Jun/1
πŸ”— https://www.exploit-db.com/exploits/42130/
πŸ”— https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/

Related Vulnerabilities

CVE-2017-88359.8

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_7...

CVE-2017-88379.8

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_38...

CVE-2017-88418.1

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw...

CVE-2017-88386.1

XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_...