Cross-Site Scripting (XSS) Vulnerability in Peplink Balance Devices
CVE-2017-8838 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
Learn more about our Web Application Penetration Testing UK.