Lucene search

[email protected]NVD:CVE-2017-8835

HistoryJun 05, 2017 - 2:29 p.m.

CVE-2017-8835

2017-06-0514:29:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.014

Percentile

86.5%

JSON

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.

Affected configurations

Nvd

Node

peplinkbalance_305Match-

AND

peplinkb305hw2_firmwareMatch7.0.1

Node

peplinkbalance_380Match-

AND

peplink380hw6_firmwareMatch7.0.1

Node

peplinkbalance_580Match-

AND

peplink580hw2_firmwareMatch7.0.1

Node

peplinkbalance_710Match-

AND

peplink710hw3_firmwareMatch7.0.1

Node

peplinkbalance_1350Match-

AND

peplink1350hw2_firmwareMatch7.0.1

Node

peplinkbalance_2500Match-

AND

peplink2500_firmwareMatch7.0.1

VendorProductVersionCPE
peplinkbalance_305-cpe:2.3:h:peplink:balance_305:-:*:*:*:*:*:*:*
peplinkb305hw2_firmware7.0.1cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:*:*:*:*:*:*:*
peplinkbalance_380-cpe:2.3:h:peplink:balance_380:-:*:*:*:*:*:*:*
peplink380hw6_firmware7.0.1cpe:2.3:o:peplink:380hw6_firmware:7.0.1:*:*:*:*:*:*:*
peplinkbalance_580-cpe:2.3:h:peplink:balance_580:-:*:*:*:*:*:*:*
peplink580hw2_firmware7.0.1cpe:2.3:o:peplink:580hw2_firmware:7.0.1:*:*:*:*:*:*:*
peplinkbalance_710-cpe:2.3:h:peplink:balance_710:-:*:*:*:*:*:*:*
peplink710hw3_firmware7.0.1cpe:2.3:o:peplink:710hw3_firmware:7.0.1:*:*:*:*:*:*:*
peplinkbalance_1350-cpe:2.3:h:peplink:balance_1350:-:*:*:*:*:*:*:*
peplink1350hw2_firmware7.0.1cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
peplink	balance_305	-	cpe:2.3:h:peplink:balance_305:-:::::::*
peplink	b305hw2_firmware	7.0.1	cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:::::::*
peplink	balance_380	-	cpe:2.3:h:peplink:balance_380:-:::::::*
peplink	380hw6_firmware	7.0.1	cpe:2.3:o:peplink:380hw6_firmware:7.0.1:::::::*
peplink	balance_580	-	cpe:2.3:h:peplink:balance_580:-:::::::*
peplink	580hw2_firmware	7.0.1	cpe:2.3:o:peplink:580hw2_firmware:7.0.1:::::::*
peplink	balance_710	-	cpe:2.3:h:peplink:balance_710:-:::::::*
peplink	710hw3_firmware	7.0.1	cpe:2.3:o:peplink:710hw3_firmware:7.0.1:::::::*
peplink	balance_1350	-	cpe:2.3:h:peplink:balance_1350:-:::::::*
peplink	1350hw2_firmware	7.0.1	cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:::::::*