CVE-2017-8837

CRITICAL Year: 2017
CVSS v3 Score
9.8
Critical
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-522
View all →

Vulnerability Description

Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.

Related Vulnerabilities

CVE-2000-0944

CRITICAL
CVSS:9.8(Critical)

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without ...

CWE-5222000

CVE-2005-3435

CRITICAL
CVSS:9.8(Critical)

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and sp...

CWE-5222005

CVE-2007-0681

CRITICAL
CVSS:9.8(Critical)

profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, vi...

CWE-5222007

CVE-2013-7052

CRITICAL
CVSS:9.8(Critical)

D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi script

CWE-5222013

CVE-2013-7055

CRITICAL
CVSS:9.8(Critical)

D-Link DIR-100 4.03B07 has PPTP and poe information disclosure

CWE-5222013

CVE-2014-3445

CRITICAL
CVSS:9.8(Critical)

backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the adminis...

CWE-5222014