CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands, if a logged in user visits a malicious website. This can for example be used to change the credentials of the administrative webinterface.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T16:48:22.680Z

Reserved: 2017-05-08T00:00:00

Link: CVE-2017-8836

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-06-05T14:29:00.450

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-8836

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.