← back
CVE-2017-8839

CVE-2017-8839

EPSS 1.8%
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42130/unverifiedexploitdbwww.exploit-db.com/exploits/42130unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/bugtraq/2017/Jun/1https://www.exploit-db.com/exploits/42130/https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/