05 Jui 2017
CVE-2017-8835 - CVE Vulnerability
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. (CVSS:0.0) (Last Update:2017-06-05)
Vulnerability Details : SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database. Publish Date : 2017-06-05 Last Update Date : 2017-06-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2017-8835
- References For CVE-2017-8835
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2017-8835There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |