Skip to main content

1350Hw2 Firmware

7 CVEs product

Monthly

CVE-2017-8841 HIGH POC This Week

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
4.5%
CVE-2017-8840 MEDIUM POC PATCH This Month

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
3.8%
CVE-2017-8839 MEDIUM POC This Month

XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.0%
CVE-2017-8838 MEDIUM POC PATCH This Month

XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
2.0%
CVE-2017-8837 CRITICAL POC PATCH THREAT Act Now

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Information Disclosure B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
11.0%
CVE-2017-8836 HIGH POC This Week

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.6%
CVE-2017-8835 CRITICAL POC PATCH THREAT Act Now

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.8%.

SQLi B305Hw2 Firmware 380Hw6 Firmware 580Hw2 Firmware 710Hw3 Firmware +2
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
63.8%
Threat
5.4
EPSS 4% CVSS 8.1
HIGH POC This Week

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB
EPSS 4% CVSS 5.3
MEDIUM POC PATCH This Month

Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB
EPSS 11% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.0%.

Information Disclosure B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB
EPSS 1% CVSS 8.8
HIGH POC This Week

CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB
EPSS 64% 5.4 CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 63.8%.

SQLi B305Hw2 Firmware 380Hw6 Firmware +4
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy