Описание
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
Ссылки
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_305:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:peplink:380hw6_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_380:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:peplink:580hw2_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_580:-:*:*:*:*:*:*:*
Конфигурация 4
Одновременно
cpe:2.3:o:peplink:710hw3_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_710:-:*:*:*:*:*:*:*
Конфигурация 5
Одновременно
cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_1350:-:*:*:*:*:*:*:*
Конфигурация 6
Одновременно
cpe:2.3:o:peplink:2500_firmware:7.0.1:*:*:*:*:*:*:*
cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:*
EPSS
Процентиль: 83%
0.02047
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 6.1
github
больше 3 лет назад
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
EPSS
Процентиль: 83%
0.02047
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79