Firmwares 7.0.1 and 6.3.4 Address Security Advisory CVE-2017-8835 ~ 8841

Recently, a security research lab has informed us that they have found several vulnerabilities affecting multiple vendors. For Peplink firmware, it affects 7.0 and 6.3.3. Here are the details:

CVE-2017-8835
CVE-2017-8836
CVE-2017-8837
CVE-2017-8838
CVE-2017-8839
CVE-2017-8840
CVE-2017-8841

Products
The vulnerabilities were identified in the Balance, MAX, MediaFast, Surf SOHO, and FusionHub product families for firmware versions 7.0 and below. AP series are not affected.

Recommendations
Option 1 - Upgrade Firmware: Upgrade the firmware of your router to Firmware 7.0.2 or Firmware 6.3.4 as soon as possible. Here is the download link.

Option 2 - Defensive Steps: If an end user is unable to upgrade firmware, or cannot risk testing this in a critical production network, they should:

Switch Web Admin Access from LAN/WAN to LAN Only (System>Admin Security) - Most secure
-or-
Limit the “Allowed Source IP Subnets” to known safe WAN IPs that they could administer the router from

Interesting results upgrading rout routers:

1. SOHO, HW ver 1: Went fine; now running 6.3.4
2. SOHO, HW ver 2, Went fine; now running 7.0.1
3. Balance 20, HW ver 2; The router’s web UI was totally unresponsive and had to be powered off/on [hate doing that]; upgrade failed and still running 7.0.0.
4. Balance 20; HW ver 3; Went fine; now running 7.0.1

Three of these devices are hundreds of miles away – sure am glad the one that required the hard reset was not out in the middle of nowhere!

Is the recommendation for case #3 to try again?

I would treat it as a single failed attempt and try again. Are you using IC2 to push down the new FW?

Hi Tim. No, we do not use IC2 for any of the devices for which we are responsible.

Hi again Tim. We’re seeing it the same way. Not sure what that was all about but the 2nd attempt was successful. We’ll proceed with upgrading a few more … :<)

Good deal Rick!