MEDIUM🇵🇱 Wersja polska

CVE-2017-8839

CVSS 6.1v3.0pub. 2017-06-05upd. 2026-05-13

XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Peplink 1350hw2 Firmware

    OS
    Peplink
    7.0.1
  • Peplink 2500 Firmware

    OS
    Peplink
    7.0.1
  • Peplink 380hw6 Firmware

    OS
    Peplink
    7.0.1
  • Peplink 580hw2 Firmware

    OS
    Peplink
    7.0.1
  • Peplink 710hw3 Firmware

    OS
    Peplink
    7.0.1
  • Peplink B305hw2 Firmware

    OS
    Peplink
    7.0.1
  • Peplink Balance 1350

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 2500

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 305

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 380

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 580

    HW
    Peplink
    wszystkie wersje
  • Peplink Balance 710

    HW
    Peplink
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2017-8837CRITICAL9.8ten sam produkt

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware ...

CVE-2017-8835CRITICAL9.8ten sam produkt

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...

CVE-2020-24246HIGH7.5ten sam produkt

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filem...

CVE-2017-8841HIGH8.1ten sam produkt

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware bef...

CVE-2017-8836HIGH8.8ten sam produkt

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380h...