CVE-2017-8841

EIP tracks 1 public exploit for CVE-2017-8841. PoCs published by X41 D-Sec GmbH.

AI-analyzed exploit summary This is a detailed security advisory from X41 D-Sec GmbH describing multiple vulnerabilities in Peplink Balance routers, including SQL injection, CSRF, XSS, file deletion, and information disclosure. It provides technical details, CVSS scores, and mitigation steps for each vulnerability.

Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.