CVE-2017-8838
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
05/06/2017
Last modified:
20/04/2025
Description
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:peplink:b305hw2_firmware:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:peplink:balance_305:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:peplink:380hw6_firmware:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:peplink:balance_380:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:peplink:580hw2_firmware:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:peplink:balance_580:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:peplink:710hw3_firmware:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:peplink:balance_710:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:peplink:1350hw2_firmware:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:peplink:balance_1350:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:peplink:2500_firmware:7.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:h:peplink:balance_2500:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page