Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-8836

EPSS 0.60% · P69
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-8836

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Peplink Balance产品跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Peplink Balance 305等都是用于中型企业的多出口负载均衡路由器。 使用fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093之前的版本固件的多款Peplink Balance产品中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行命令。以下产品受到影响:Peplink Balance 305;380;580;710;1350;2500。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2017-8836

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2017-8836

登录查看更多情报信息。

Same Patch Batch · n/a · 2017-06-05 · 25 CVEs total

CVE-2017-8839多款Peplink Balance产品跨站脚本漏洞
CVE-2017-1000367Sudo 输入验证错误漏洞
CVE-2017-9433Document Liberation Project libmwaw 缓冲区错误漏洞
CVE-2017-9432Document Liberation Project libstaroffice 缓冲区错误漏洞
CVE-2017-9431Google gRPC 缓冲区错误漏洞
CVE-2017-9430dnstracer 缓冲区错误漏洞
CVE-2017-9437Openbravo Business Suite SQL注入漏洞
CVE-2017-9436TeamPass SQL注入漏洞
CVE-2017-9435Dolibarr ERP/CRM SQL注入漏洞
CVE-2017-9434Crypto++ 安全漏洞
CVE-2017-8841多款Peplink Balance产品路径遍历漏洞
CVE-2017-8840多款Peplink Balance产品信息泄露漏洞
CVE-2017-9420WordPress Spiffy Calendar插件跨站脚本漏洞
CVE-2017-8838多款Peplink Balance产品跨站脚本漏洞
CVE-2017-8837多款Peplink Balance产品信任管理问题漏洞
CVE-2017-8835多款Peplink Balance产品SQL注入漏洞
CVE-2017-1000368Sudo 输入验证错误漏洞
CVE-2017-9438YARA regexp模块安全漏洞
CVE-2017-9440ImageMagick 安全漏洞
CVE-2017-9439ImageMagick 安全漏洞

Showing top 20 of 25 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2017-8836

No comments yet

Leave a comment