Lucene search

K
openvasCopyright (C) 2017 Greenbone AGOPENVAS:1361412562310106848
HistoryJun 06, 2017 - 12:00 a.m.

Peplink Balance Routers Multiple Vulnerabilities

2017-06-0600:00:00
Copyright (C) 2017 Greenbone AG
plugins.openvas.org
21

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

0.015 Low

EPSS

Percentile

86.8%

Peplink Balance routers are prone to multiple vulnerabilities.

# SPDX-FileCopyrightText: 2017 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:peplink:balance";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.106848");
  script_version("2023-11-03T05:05:46+0000");
  script_tag(name:"last_modification", value:"2023-11-03 05:05:46 +0000 (Fri, 03 Nov 2023)");
  script_tag(name:"creation_date", value:"2017-06-06 10:51:07 +0700 (Tue, 06 Jun 2017)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:P/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-03 00:03:00 +0000 (Thu, 03 Oct 2019)");

  script_cve_id("CVE-2017-8835", "CVE-2017-8836", "CVE-2017-8837", "CVE-2017-8838", "CVE-2017-8839",
                "CVE-2017-8840", "CVE-2017-8841");

  script_tag(name:"qod_type", value:"remote_vul");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Peplink Balance Routers Multiple Vulnerabilities");

  script_category(ACT_ATTACK);

  script_copyright("Copyright (C) 2017 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_peplink_balance_webadmin_detect.nasl");
  script_mandatory_keys("peplink_balance/detected");

  script_tag(name:"summary", value:"Peplink Balance routers are prone to multiple vulnerabilities.");

  script_tag(name:"insight", value:"Peplink Balance routers are prone to multiple vulnerabilities:

  - SQL injection attack via the 'bauth' cookie parameter (CVE-2017-8835)

  - No CSRF Protection (CVE-2017-8836)

  - Passwords stored in Cleartext (CVE-2017-8837)

  - XSS via syncid Parameter (CVE-2017-8838)

  - XSS via preview.cgi (CVE-2017-8839)

  - File Deletion (CVE-2017-8841)

  - Information Disclosure (CVE-2017-8840)");

  script_tag(name:"vuldetect", value:"Sends a crafted HTTP request and checks the response.");

  script_tag(name:"affected", value:"Peplink Balance Router firmware 7.0.0-build1904 and possible prior.");

  script_tag(name:"solution", value:"Update to firmware version 7.0.1-build2093 or later.");

  script_xref(name:"URL", value:"https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/");

  exit(0);
}

include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");

if (!port = get_app_port(cpe: CPE))
  exit(0);

url = '/cgi-bin/HASync/hasync.cgi?debug=1';

if (http_vuln_check(port: port, url: url, pattern: "Master LAN Address", check_header: TRUE,
                    extra_check: "HA Group ID")) {
  report = http_report_vuln_url(port: port, url: url);
  security_message(port: port, data: report);
  exit(0);
}

exit(0);

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:P/A:C

0.015 Low

EPSS

Percentile

86.8%