Lucene search

[email protected]CVE-2017-8840

HistoryJun 05, 2017 - 2:29 p.m.

CVE-2017-8840

2017-06-0514:29:00

CWE-200

[email protected]

web.nvd.nist.gov

107

cve-2017-8840

peplink balance

firmware

security

information disclosure

vulnerability

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

8.9 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

44.4%

JSON

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.

CPENameOperatorVersion
peplink:b305hw2_firmwarepeplink b305hw2 firmwareeq7.0.1
peplink:380hw6_firmwarepeplink 380hw6 firmwareeq7.0.1
peplink:580hw2_firmwarepeplink 580hw2 firmwareeq7.0.1
peplink:710hw3_firmwarepeplink 710hw3 firmwareeq7.0.1
peplink:1350hw2_firmwarepeplink 1350hw2 firmwareeq7.0.1
peplink:2500_firmwarepeplink 2500 firmwareeq7.0.1

CPE	Name	Operator	Version
peplink:b305hw2_firmware	peplink b305hw2 firmware	eq	7.0.1
peplink:380hw6_firmware	peplink 380hw6 firmware	eq	7.0.1
peplink:580hw2_firmware	peplink 580hw2 firmware	eq	7.0.1
peplink:710hw3_firmware	peplink 710hw3 firmware	eq	7.0.1
peplink:1350hw2_firmware	peplink 1350hw2 firmware	eq	7.0.1
peplink:2500_firmware	peplink 2500 firmware	eq	7.0.1