Cross-Site Scripting (XSS) Vulnerability in Peplink Balance Devices

Cross-Site Scripting (XSS) Vulnerability in Peplink Balance Devices

CVE-2017-8838 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.

Learn more about our Web Application Penetration Testing UK.