Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
References
Link | Resource |
---|---|
http://seclists.org/bugtraq/2017/Jun/1 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/42130/ | |
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-06-05T14:00:00
Updated: 2017-08-12T09:57:01
Reserved: 2017-05-08T00:00:00
Link: CVE-2017-8840
JSON object: View
NVD Information
Status : Modified
Published: 2017-06-05T14:29:00.577
Modified: 2017-08-13T01:29:22.727
Link: CVE-2017-8840
JSON object: View
Redhat Information
No data.
CWE