← back
CVE-2017-8835

CVE-2017-8835

EPSS 61.6%
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42130/unverifiedexploitdbwww.exploit-db.com/exploits/42130unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/bugtraq/2017/Jun/1https://www.exploit-db.com/exploits/42130/https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/