Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2017/Jun/1 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/42130/ | |
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ | Patch Third Party Advisory |
http://seclists.org/bugtraq/2017/Jun/1 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/42130/ | |
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
History
21 Nov 2024, 03:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://seclists.org/bugtraq/2017/Jun/1 - Mailing List, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/42130/ - | |
References | () https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ - Patch, Third Party Advisory |
Information
Published : 2017-06-05 14:29
Updated : 2024-11-21 03:34
NVD link : CVE-2017-8837
Mitre link : CVE-2017-8837
CVE.ORG link : CVE-2017-8837
JSON object : View
Products Affected
peplink
- 380hw6_firmware
- balance_380
- 1350hw2_firmware
- balance_305
- balance_2500
- b305hw2_firmware
- balance_580
- 710hw3_firmware
- 2500_firmware
- balance_1350
- 580hw2_firmware
- balance_710
CWE
CWE-522
Insufficiently Protected Credentials