Vulnerability Description
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Peplink | B305Hw2 Firmware | 7.0.1 |
| Peplink | Balance 305 | - |
| Peplink | 380Hw6 Firmware | 7.0.1 |
| Peplink | Balance 380 | - |
| Peplink | 580Hw2 Firmware | 7.0.1 |
| Peplink | Balance 580 | - |
| Peplink | 710Hw3 Firmware | 7.0.1 |
| Peplink | Balance 710 | - |
| Peplink | 1350Hw2 Firmware | 7.0.1 |
| Peplink | Balance 1350 | - |
| Peplink | 2500 Firmware | 7.0.1 |
| Peplink | Balance 2500 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/bugtraq/2017/Jun/1Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/42130/
- https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/Third Party Advisory
- http://seclists.org/bugtraq/2017/Jun/1Mailing ListThird Party Advisory
- https://www.exploit-db.com/exploits/42130/
- https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/Third Party Advisory
FAQ
What is CVE-2017-8841?
CVE-2017-8841 is a vulnerability with a CVSS score of 8.1 (HIGH). Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology i...
How severe is CVE-2017-8841?
CVE-2017-8841 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8841?
Check the references section above for vendor advisories and patch information. Affected products include: Peplink B305Hw2 Firmware, Peplink Balance 305, Peplink 380Hw6 Firmware, Peplink Balance 380, Peplink 580Hw2 Firmware.