Vulnerabilities > Buffalotech

DATE CVE VULNERABILITY TITLE RISK
2017-06-09 CVE-2016-7826 Path Traversal vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
network
low complexity
buffalotech CWE-22
6.5
2017-06-09 CVE-2016-7825 Path Traversal vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
network
low complexity
buffalotech CWE-22
6.5
2017-06-09 CVE-2016-7824 Improper Access Control vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
network
low complexity
buffalotech CWE-284
8.8
2017-06-09 CVE-2016-7823 Cross-site Scripting vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
low complexity
buffalotech CWE-79
4.3
2017-06-09 CVE-2016-7822 Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
network
low complexity
buffalotech CWE-352
8.8
2017-06-09 CVE-2016-7821 Improper Input Validation vulnerability in Buffalotech Wnc01Wh Firmware 1.0.0.8
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
network
low complexity
buffalotech CWE-20
6.5
2016-01-22 CVE-2016-1135 Cross-site Scripting vulnerability in Buffalotech products
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
buffalotech CWE-79
6.1
2016-01-22 CVE-2016-1134 Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
network
low complexity
buffalotech CWE-352
8.8
2015-12-27 CVE-2015-8262 Unspecified vulnerability in Buffalotech products
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
network
high complexity
buffalotech
6.8