Vulnerability Description
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peplink | B305Hw2 Firmware | 7.0.1 |
| Peplink | Balance 305 | - |
| Peplink | 380Hw6 Firmware | 7.0.1 |
| Peplink | Balance 380 | - |
| Peplink | 580Hw2 Firmware | 7.0.1 |
| Peplink | Balance 580 | - |
| Peplink | 710Hw3 Firmware | 7.0.1 |
| Peplink | Balance 710 | - |
| Peplink | 1350Hw2 Firmware | 7.0.1 |
| Peplink | Balance 1350 | - |
| Peplink | 2500 Firmware | 7.0.1 |
| Peplink | Balance 2500 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2017/Jun/1Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/42130/
- https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/PatchThird Party Advisory
- http://seclists.org/bugtraq/2017/Jun/1Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/42130/
- https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/PatchThird Party Advisory
FAQ
What is CVE-2017-8840?
CVE-2017-8840 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to...
How severe is CVE-2017-8840?
CVE-2017-8840 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8840?
Check the references section above for vendor advisories and patch information. Affected products include: Peplink B305Hw2 Firmware, Peplink Balance 305, Peplink 380Hw6 Firmware, Peplink Balance 380, Peplink 580Hw2 Firmware.