Vulnerabilities > CVE-2015-8262 - Unspecified vulnerability in Buffalotech products

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

buffalotech

NVD

Published: 2015-12-27

Updated: 2016-11-28

Summary

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

Vulnerable Configurations

Part	Description	Count
OS	Buffalotech Buffalotech Airstation Extreme N600 Firmware 2.09 Buffalotech Airstation Extreme N600 Firmware 2.13 Buffalotech Airstation Extreme N600 Firmware 2.16	3
Hardware	Buffalotech Buffalotech Airstation Extreme N600 *	1

References

https://www.kb.cert.org/vuls/id/646008
http://www.securityfocus.com/bid/78877