Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2017/Jun/1 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/42130/ | |
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-05T14:00:00
Updated: 2017-08-12T09:57:01
Reserved: 2017-05-08T00:00:00
Link: CVE-2017-8837
JSON object: View
NVD Information
Status : Modified
Published: 2017-06-05T14:29:00.483
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-8837
JSON object: View
Redhat Information
No data.
CWE