CVE-2017-8835 : What You Need to Know

Peplink Balance devices are vulnerable to SQL injection due to a flaw in their firmware versions. Attackers can exploit this to enumerate user accounts.

Understanding CVE-2017-8835

Peplink Balance devices with specific firmware versions are at risk of SQL injection, potentially leading to user account enumeration.

What is CVE-2017-8835?

CVE-2017-8835 is a vulnerability affecting Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware versions prior to fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The bauth cookie on the cgi-bin/MANGA/admin.cgi can be exploited for SQL injection.

The Impact of CVE-2017-8835

The vulnerability allows attackers to potentially enumerate user accounts by checking if a session ID can be obtained from the sessions database.

Technical Details of CVE-2017-8835

Peplink Balance devices are susceptible to SQL injection due to the following:

Vulnerability Description

SQL injection vulnerability in Peplink Balance devices
Exploitable through the bauth cookie on the cgi-bin/MANGA/admin.cgi

Affected Systems and Versions

Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices
Firmware versions prior to fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093

Exploitation Mechanism

Attackers can exploit the bauth cookie to inject SQL commands

Mitigation and Prevention

To address CVE-2017-8835, consider the following steps:

Immediate Steps to Take

Update Peplink Balance devices to firmware version fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093
Monitor user accounts for any suspicious activity

Long-Term Security Practices

Regularly audit and review device firmware for security updates
Implement network segmentation to limit the impact of potential attacks

Patching and Updates

Apply patches and firmware updates promptly to mitigate known vulnerabilities