Search
Find a vulnerability
Search criteria
12 vulnerabilities found for wnc01wh_firmware by buffalotech
CVE-2016-7826 (GCVE-0-2016-7826)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7826",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7825 (GCVE-0-2016-7825)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7825",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7824 (GCVE-0-2016-7824)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7824",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7823 (GCVE-0-2016-7823)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7823",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7822 (GCVE-0-2016-7822)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7822",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7821 (GCVE-0-2016-7821)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7821",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7823 (GCVE-0-2016-7823)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7823",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7824 (GCVE-0-2016-7824)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7824",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7825 (GCVE-0-2016-7825)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7825",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7822 (GCVE-0-2016-7822)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7822",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7822",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7821 (GCVE-0-2016-7821)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
Severity
No CVSS data available.
CWE
- Denial-of-service (DoS)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service (DoS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7821",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.024Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7826 (GCVE-0-2016-7826)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
EPSS
VEX
Summary
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
Severity
No CVSS data available.
CWE
- Directory traversal
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN40613060/index.html | third-party-advisoryx_refsource_JVN |
| http://buffalo.jp/support_s/s20161201.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94648 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| BUFFALO INC. | WNC01WH |
Affected:
firmware version 1.0.0.8 and earlier
|
Date Public
2016-12-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.025Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WNC01WH",
"vendor": "BUFFALO INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.0.8 and earlier"
}
]
}
],
"datePublic": "2016-12-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#40613060",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94648"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WNC01WH",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.0.8 and earlier"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#40613060",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN40613060/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20161201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"name": "94648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94648"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7826",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.025Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}