Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HPeplink 1350hw2 Firmware
OSPeplink7.0.1Peplink 2500 Firmware
OSPeplink7.0.1Peplink 380hw6 Firmware
OSPeplink7.0.1Peplink 580hw2 Firmware
OSPeplink7.0.1Peplink 710hw3 Firmware
OSPeplink7.0.1Peplink B305hw2 Firmware
OSPeplink7.0.1Peplink Balance 1350
HWPeplinkwszystkie wersjePeplink Balance 2500
HWPeplinkwszystkie wersjePeplink Balance 305
HWPeplinkwszystkie wersjePeplink Balance 380
HWPeplinkwszystkie wersjePeplink Balance 580
HWPeplinkwszystkie wersjePeplink Balance 710
HWPeplinkwszystkie wersje
Related vulnerabilities
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware ...
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b30...
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filem...
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380h...
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b3...