Multiple Peplink Balance products are vulnerable to information leakage

Peplink Balance 305 and others are multi-exit load balancing routers for medium-sized businesses. An information disclosure vulnerability exists in several Peplink Balance products using firmware versions prior to fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. An attacker can exploit th...

Cross-Site Scripting Vulnerability in Multiple Peplink Balance Products

Peplink Balance 305 and others are multi-exit load balancing routers for medium-sized businesses. A cross-site scripting vulnerability exists in various Peplink Balance products using firmware versions prior to fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A remote attacker can exploit...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2380hw6580hw2710hw31350hw22500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, a...

CVE-2017-8838

CVE-2017-8838 affects Peplink Balance routers (models 305, 380, 580, 710, 1350, 2500) with firmware prior to fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The issue is a cross-site scripting (XSS) vulnerability in the web interface, triggered via the syncid parameter in the CGI sc...