CVE-2017-8836 in Balanceinfo

Zusammenfassung

von MITRE

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

08.05.2017

Veröffentlichung

05.06.2017

Moderieren

akzeptiert

Eintrag

VDB-101958

CPE

bereit

CWE

CWE-352 (bestätigt)

Exploit

Download

CVSS

8.8 (NVD)

EPSS

0.00595

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-8836
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-8836
CVE Details	https://www.cvedetails.com/cve/CVE-2017-8836/

◂ Zurück Übersicht Weiter ▸

Do you know our Splunk app?

Download it now for free!