Vulnerability Description
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peplink | B305Hw2 Firmware | 7.0.1 |
| Peplink | Balance 305 | - |
| Peplink | 380Hw6 Firmware | 7.0.1 |
| Peplink | Balance 380 | - |
| Peplink | 580Hw2 Firmware | 7.0.1 |
| Peplink | Balance 580 | - |
| Peplink | 710Hw3 Firmware | 7.0.1 |
| Peplink | Balance 710 | - |
| Peplink | 1350Hw2 Firmware | 7.0.1 |
| Peplink | Balance 1350 | - |
| Peplink | 2500 Firmware | 7.0.1 |
| Peplink | Balance 2500 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2017/Jun/1Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/42130/
- https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/PatchThird Party Advisory
- http://seclists.org/bugtraq/2017/Jun/1Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/42130/
- https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/PatchThird Party Advisory
FAQ
What is CVE-2017-8838?
CVE-2017-8838 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HA...
How severe is CVE-2017-8838?
CVE-2017-8838 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8838?
Check the references section above for vendor advisories and patch information. Affected products include: Peplink B305Hw2 Firmware, Peplink Balance 305, Peplink 380Hw6 Firmware, Peplink Balance 380, Peplink 580Hw2 Firmware.