SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
oryginał ENCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPeplink 1350hw2 Firmware
OSPeplink7.0.1Peplink 2500 Firmware
OSPeplink7.0.1Peplink 380hw6 Firmware
OSPeplink7.0.1Peplink 580hw2 Firmware
OSPeplink7.0.1Peplink 710hw3 Firmware
OSPeplink7.0.1Peplink B305hw2 Firmware
OSPeplink7.0.1Peplink Balance 1350
HWPeplinkwszystkie wersjePeplink Balance 2500
HWPeplinkwszystkie wersjePeplink Balance 305
HWPeplinkwszystkie wersjePeplink Balance 380
HWPeplinkwszystkie wersjePeplink Balance 580
HWPeplinkwszystkie wersjePeplink Balance 710
HWPeplinkwszystkie wersje
Powiązane podatności
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware ...
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filem...
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware bef...
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380h...
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-...