Cross-Site Scripting (XSS) Vulnerability in Peplink Balance Devices
CVE-2017-8839 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
Learn more about our Web Application Penetration Testing UK.