CyberSec.Space Logo
CVEブラウザに戻る

CVE-2017-8835

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile10.77th
Published2017年6月5日
Last Modified2026年5月13日

Vulnerability Description

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.

Affected Platforms (CPE)

💻
Peplink

B305hw2 Firmware

= 7.0.1
💻
Peplink

380hw6 Firmware

= 7.0.1
💻
Peplink

580hw2 Firmware

= 7.0.1
💻
Peplink

710hw3 Firmware

= 7.0.1
💻
Peplink

1350hw2 Firmware

= 7.0.1
💻
Peplink

2500 Firmware

= 7.0.1

References & Advisories

🔗 http://seclists.org/bugtraq/2017/Jun/1
🔗 https://www.exploit-db.com/exploits/42130/
🔗 https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/
🔗 http://seclists.org/bugtraq/2017/Jun/1
🔗 https://www.exploit-db.com/exploits/42130/
🔗 https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/

関連する脆弱性情報

CVE-2017-88379.8

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_38...

CVE-2017-88368.8

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_135...

CVE-2017-88418.1

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw...

CVE-2017-88386.1

XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_...

CVE-2017-8835 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space