Lucene search

K
Peplink380hw6 Firmware

7 matches found

CVE
CVE
added 2017/06/05 2:29 p.m.136 views

CVE-2017-8840

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP...

5.3CVSS6.8AI score0.03845EPSS
CVE
CVE
added 2017/06/05 2:29 p.m.68 views

CVE-2017-8838

XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.

6.1CVSS7.3AI score0.02047EPSS
CVE
CVE
added 2017/06/05 2:29 p.m.63 views

CVE-2017-8837

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can g...

9.8CVSS9.4AI score0.1103EPSS
CVE
CVE
added 2017/06/05 2:29 p.m.63 views

CVE-2017-8841

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.

8.1CVSS8.8AI score0.04455EPSS
CVE
CVE
added 2017/06/05 2:29 p.m.61 views

CVE-2017-8835

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a se...

9.8CVSS9.7AI score0.63815EPSS
CVE
CVE
added 2017/06/05 2:29 p.m.60 views

CVE-2017-8839

XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.

6.1CVSS7.3AI score0.02047EPSS
CVE
CVE
added 2017/06/05 2:29 p.m.55 views

CVE-2017-8836

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malici...

8.8CVSS9.2AI score0.00595EPSS