CVE-2017-8835

CRITICAL

Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware < 7.0.1-build2093 - SQL Injection via bauth Cookie

Exploitation Summary

EIP tracks 2 public exploits for CVE-2017-8835. PoCs published by X41 D-Sec GmbH, including Metasploit module auxiliary/gather/peplink_bauth_sqli.

AI-analyzed exploit summary: This is a detailed security advisory from X41 D-Sec GmbH describing multiple vulnerabilities in Peplink Balance routers, including SQL injection, CSRF, XSS, file deletion, and information disclosure. It provides technical details, CVSS scores, and mitigation steps for each vulnerability.

Description

SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.

Exploits (2)

exploitdb WRITEUP
by X41 D-Sec GmbH · text · webapps · cgi
https://www.exploit-db.com/exploits/42130

This is a detailed security advisory from X41 D-Sec GmbH describing multiple vulnerabilities in Peplink Balance routers, including SQL injection, CSRF, XSS, file deletion, and information disclosure. It provides technical details, CVSS scores, and mitigation steps for each vulnerability.

Classification: Writeup 100%
Attack Type: Sqli | Xss | Dos | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Peplink Balance Routers (7.0.0-build1904)
No auth needed
Prerequisites: Network access to the Peplink device · Valid session cookie for some attacks
devstral-2 · analyzed Feb 16, 2026

metasploit WORKING POC
by X41 D-Sec GmbH · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/peplink_bauth_sqli.rb

This Metasploit module exploits an unauthenticated SQL injection vulnerability (CVE-2017-8835) in Peplink Balance routers (firmware up to 7.0.0-build1904) via the 'bauth' cookie. It retrieves active session cookies, bypasses authentication, and can enumerate usernames, privileges, and configuration data.

Classification: Working Poc 95%
Attack Type: Sqli
Complexity: Moderate
Reliability: Reliable
Target: Peplink Balance routers (firmware up to 7.0.0-build1904)
No auth needed
Prerequisites: Network access to the target router · Vulnerable firmware version
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/bugtraq/2017/Jun/1
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42130/
Patch, Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/

Scores

CVSS v3 9.8
EPSS 0.6158
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (6)
peplink/1350hw2_firmware 7.0.1
peplink/2500_firmware 7.0.1
peplink/380hw6_firmware 7.0.1
peplink/580hw2_firmware 7.0.1
peplink/710hw3_firmware 7.0.1
peplink/b305hw2_firmware 7.0.1
Published Jun 05, 2017
Tracked Since Feb 18, 2026