Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
References
Link | Resource |
---|---|
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/ | Patch Third Party Advisory |
http://seclists.org/bugtraq/2017/Jun/1 | Mailing List Third Party Advisory |
https://www.exploit-db.com/exploits/42130/ |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Information
Published : 2017-06-05 07:29
Updated : 2019-10-02 17:03
NVD link : CVE-2017-8837
Mitre link : CVE-2017-8837
JSON object : View
CWE
CWE-522
Insufficiently Protected Credentials
Products Affected
peplink
- 1350hw2_firmware
- b305hw2_firmware
- balance_710
- balance_305
- 2500_firmware
- 580hw2_firmware
- balance_2500
- balance_380
- balance_1350
- 380hw6_firmware
- 710hw3_firmware
- balance_580