CVE-2017-8841

Name of the Vulnerable Software and Affected Versions Peplink Balance devices (305, 380, 580, 710, 1350, and 2500) with firmware before 7.0.1-build2093

Description The issue is related to arbitrary file deletion. It is caused by an absolute path traversal in the "cgi-bin/MANGA/firmware process.cgi" endpoint via the upfile.path parameter.

Recommendations For Peplink Balance devices (305, 380, 580, 710, 1350, and 2500) with firmware before 7.0.1-build2093, update the firmware to version 7.0.1-build2093 or later to resolve the issue. As a temporary workaround, consider restricting access to the "cgi-bin/MANGA/firmware process.cgi" endpoint to minimize the risk of exploitation. Avoid using the upfile.path parameter in the affected endpoint until the issue is resolved.