Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2017-8836

Опубликовано: 05 июн. 2017
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_305:-:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:peplink:380hw6_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_380:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:peplink:580hw2_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_580:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:peplink:710hw3_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_710:-:*:*:*:*:*:*:*
Конфигурация 5

Одновременно

cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_1350:-:*:*:*:*:*:*:*
Конфигурация 6

Одновременно

cpe:2.3:o:peplink:2500_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:*

EPSS

Процентиль: 69%
0.00595
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

github логотип

GHSA-2mwj-jf28-g57f

CVSS3: 8.8
github
больше 3 лет назад

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

EPSS

Процентиль: 69%
0.00595
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352