CVE-2017-8839

MEDIUM

Peplink Balance 305 380 580 710 1350 2500 Firmware - Cross-Site Scripting via orig_url Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8839. PoCs published by X41 D-Sec GmbH.

AI-analyzed exploit summary: This is a detailed security advisory from X41 D-Sec GmbH describing multiple vulnerabilities in Peplink Balance routers, including SQL injection, CSRF, XSS, file deletion, and information disclosure. It provides technical details, CVSS scores, and mitigation steps for each vulnerability.

Description

XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.

Exploits (1)

exploitdb WRITEUP
by X41 D-Sec GmbH · text · webapps · cgi
https://www.exploit-db.com/exploits/42130

Classification: Writeup 100%
Attack Type: Sqli | Xss | Dos | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Peplink Balance Routers (7.0.0-build1904)
No auth needed
Prerequisites: Network access to the Peplink device · Valid session cookie for some attacks
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/bugtraq/2017/Jun/1
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/42130/
Third Party Advisory x_refsource_misc
https://www.x41-dsec.de/lab/advisories/x41-2017-005-peplink/

Scores

CVSS v3 6.1
EPSS 0.0176
EPSS Percentile 75.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status published
Products (6)
peplink/1350hw2_firmware 7.0.1
peplink/2500_firmware 7.0.1
peplink/380hw6_firmware 7.0.1
peplink/580hw2_firmware 7.0.1
peplink/710hw3_firmware 7.0.1
peplink/b305hw2_firmware 7.0.1
Published Jun 05, 2017
Tracked Since Feb 18, 2026