Search criteria
4 vulnerabilities found for bbr-4hg by buffalo
VAR-201105-0127
Vulnerability from variot - Updated: 2023-12-18 12:58Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. Successful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator's authentication request to modify settings, such as changing the login password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201105-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wzr-g144nh",
"scope": "eq",
"trust": 1.6,
"vendor": "buffalotech",
"version": "1.47"
},
{
"model": "fs-g54",
"scope": "eq",
"trust": 1.6,
"vendor": "buffalotech",
"version": "2.07"
},
{
"model": "wzr-g144nh",
"scope": "eq",
"trust": 1.6,
"vendor": "buffalotech",
"version": "1.45"
},
{
"model": "wer-ag54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.04"
},
{
"model": "whr-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.42"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.02"
},
{
"model": "wzr-ampg300nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "wer-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-hp-g",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.46"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "2.46"
},
{
"model": "fs-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.40"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.12"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.20"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.13"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.38"
},
{
"model": "whr-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.40"
},
{
"model": "wzr-g144n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.46"
},
{
"model": "whr-g",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-hp-g",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.38"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "wzr-ampg144nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.48"
},
{
"model": "wer-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.13"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.11"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.30"
},
{
"model": "wzr2-g300n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.50"
},
{
"model": "whr-g",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.46"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.00"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "2.32"
},
{
"model": "wzr-g144n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "as-100",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.12"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.40"
},
{
"model": "wzr-g144n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.45"
},
{
"model": "wzr2-g300n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.38"
},
{
"model": "wer-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.12"
},
{
"model": "wzr-ampg300nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.48"
},
{
"model": "wer-ag54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "2.31"
},
{
"model": "wzr-ampg144nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.47"
},
{
"model": "wer-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.12"
},
{
"model": "wzr-g144n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.47"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.12"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.32"
},
{
"model": "whr-ampg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.46"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.42"
},
{
"model": "wer-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.14"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.23"
},
{
"model": "wzr-g144nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "wer-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.14"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.01"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.00"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.20"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.21"
},
{
"model": "whr-hp-ampg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.32"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.31"
},
{
"model": "wzr2-g300n",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.48"
},
{
"model": "wer-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.11"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.04"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.03"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.32"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.10"
},
{
"model": "wer-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.11"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.30"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.11"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.33"
},
{
"model": "whr-ampg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-hp-ampg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.20"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.31"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.02"
},
{
"model": "whr-am54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.30"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "2.48"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.04"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.42"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.23"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.33"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.10"
},
{
"model": "wer-a54g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.01"
},
{
"model": "whr-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.42"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.21"
},
{
"model": "wzr-g144nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.48"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.40"
},
{
"model": "wer-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "whr-g54s",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.20"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.03"
},
{
"model": "wer-ag54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.12"
},
{
"model": "whr-hp-g54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.38"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.10"
},
{
"model": "wzr-ampg144nh",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "*"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "2.33"
},
{
"model": "bhr-4rv",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "2.42"
},
{
"model": "whr-amg54",
"scope": "eq",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.31"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "and other routers"
},
{
"model": "bhr-4rv",
"scope": null,
"trust": 0.6,
"vendor": "buffalotech",
"version": null
},
{
"model": "whr-g",
"scope": null,
"trust": 0.6,
"vendor": "buffalotech",
"version": null
},
{
"model": "whr-hp-g",
"scope": null,
"trust": 0.6,
"vendor": "buffalotech",
"version": null
},
{
"model": "whr-ampg",
"scope": null,
"trust": 0.6,
"vendor": "buffalotech",
"version": null
},
{
"model": "fs-g54",
"scope": null,
"trust": 0.6,
"vendor": "buffalotech",
"version": null
},
{
"model": "as-100",
"scope": null,
"trust": 0.6,
"vendor": "buffalotech",
"version": null
},
{
"model": "technology wireless broadband router wbrg54",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.11"
},
{
"model": "technology whr-g54s",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.2"
},
{
"model": "technology wireless-n nfiniti wzr-hp-g300nh",
"scope": null,
"trust": 0.3,
"vendor": "buffalo",
"version": null
},
{
"model": "technology wireless-n nfiniti whr-g300n",
"scope": null,
"trust": 0.3,
"vendor": "buffalo",
"version": null
},
{
"model": "technology wireless-n nfiniti whr-g300u",
"scope": null,
"trust": 0.3,
"vendor": "buffalo",
"version": null
},
{
"model": "technology wireless broadband router wbrg54",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.13"
},
{
"model": "technology airstation whr-g54s",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.2"
},
{
"model": "technology wireless-n nfiniti whr-hp-g300n",
"scope": null,
"trust": 0.3,
"vendor": "buffalo",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "47893"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-amg54_firmware:1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-amg54_firmware:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-amg54_firmware:1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.01:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.32:prebeta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g_firmware:1.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g_firmware:1.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wer-ag54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wer-am54g54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-amg54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-ampg_firmware:1.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.46:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.01:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-ampg_firmware:1.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.11:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wzr-ampg144nh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wer-a54g54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-am54g54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-hp-ampg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:bbr-4hg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:fs-g54_firmware:2.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:as-100:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:fs-g54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:bhr-4rv:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-ag54_firmware:1.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.02:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.11:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.33:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.33:prebeta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.46:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.48:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wer-amg54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wzr2-g300n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:bbr-4mg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-g54s:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-ampg:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-ampg300nh_firmware:1.48:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.50:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wzr-g144n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wzr-ampg300nh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wzr-g144nh:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-hp-g54:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.45:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-hp-g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:buffalotech:whr-g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1324"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hirotaka Katagiri",
"sources": [
{
"db": "BID",
"id": "47893"
}
],
"trust": 0.3
},
"cve": "CVE-2011-1324",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2011-000025",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-49269",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-1324",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2011-000025",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201105-115",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-49269",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49269"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. \nSuccessful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator\u0027s authentication request to modify settings, such as changing the login password",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "BID",
"id": "47893"
},
{
"db": "VULHUB",
"id": "VHN-49269"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-1324",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN50505257",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201105-115",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN#50505257",
"trust": 0.6
},
{
"db": "BID",
"id": "47893",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-49269",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49269"
},
{
"db": "BID",
"id": "47893"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"id": "VAR-201105-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-49269"
}
],
"trust": 0.6615079433333333
},
"last_update_date": "2023-12-18T12:58:24.406000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple routers vulnerable to cross-site request forgery",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/20080808/csrf.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49269"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "NVD",
"id": "CVE-2011-1324"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://jvn.jp/en/jp/jvn50505257/index.html"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/20080808/csrf.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1324"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn50505257"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1324"
},
{
"trust": 0.3,
"url": "http://www.buffalotech.com/products/wireless/wireless-n-routers-access-points/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-49269"
},
{
"db": "BID",
"id": "47893"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-49269"
},
{
"db": "BID",
"id": "47893"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-09T00:00:00",
"db": "VULHUB",
"id": "VHN-49269"
},
{
"date": "2011-05-17T00:00:00",
"db": "BID",
"id": "47893"
},
{
"date": "2011-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"date": "2011-05-09T19:55:03.507000",
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"date": "2011-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-49269"
},
{
"date": "2011-05-17T00:00:00",
"db": "BID",
"id": "47893"
},
{
"date": "2011-05-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-000025"
},
{
"date": "2011-05-27T04:00:00",
"db": "NVD",
"id": "CVE-2011-1324"
},
{
"date": "2011-05-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Buffalo routers vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-000025"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201105-115"
}
],
"trust": 0.6
}
}
VAR-201712-0046
Vulnerability from variot - Updated: 2023-12-18 12:03Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2017-10896 * Improper Input Validation (CWE-20) - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the user's web browser If a logged-in user accesses a specially crafted page - CVE-2017-10896 * The device may become unresponsive if an improper input value is set in the administrative page - CVE-2017-10897. Buffalo BBR-4HG and BBR-4MG are both broadband router products of the Buffalo Group in Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bbr-4hg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.48"
},
{
"model": "bbr-4mg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.07"
},
{
"model": "bbr-4mg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.00"
},
{
"model": "bbr-4hg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.07"
},
{
"model": "bbr-4hg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "bbr-4mg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "bbr-4hg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.00"
},
{
"model": "bbr-4mg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.48"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 1.00 to 1.48"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 2.00 to 2.07"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 1.00 to 1.48"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 2.00 to 2.07"
},
{
"model": "bbr-4hg",
"scope": "gte",
"trust": 0.6,
"vendor": "buffalo",
"version": "1.00\u003c=1.48"
},
{
"model": "bbr-4mg",
"scope": "gte",
"trust": 0.6,
"vendor": "buffalo",
"version": "2.00,\u003c=2.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10896"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4mg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07",
"versionStartIncluding": "2.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4mg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.48",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:bbr-4mg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4hg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07",
"versionStartIncluding": "2.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4hg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.48",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:bbr-4hg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10896"
}
]
},
"cve": "CVE-2017-10896",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-00620",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 4.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000244",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2017-10896",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-00620",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-106",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2017-10896 * Improper Input Validation (CWE-20) - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the user\u0027s web browser If a logged-in user accesses a specially crafted page - CVE-2017-10896 * The device may become unresponsive if an improper input value is set in the administrative page - CVE-2017-10897. Buffalo BBR-4HG and BBR-4MG are both broadband router products of the Buffalo Group in Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "CNVD",
"id": "CNVD-2018-00620"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10896",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN65994435",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00620",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-106",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
]
},
"id": "VAR-201712-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
}
],
"trust": 1.1089285649999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
}
]
},
"last_update_date": "2023-12-18T12:03:03.071000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20171201.html"
},
{
"title": "Patch for Buffalo BBR-4HG and BBR-4MG Cross-Site Scripting Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113011"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10896"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://jvn.jp/en/jp/jvn65994435/index.html"
},
{
"trust": 1.6,
"url": "http://buffalo.jp/support_s/s20171201.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10897"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10897"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"date": "2017-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"date": "2017-12-08T15:29:00.197000",
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"date": "2017-12-20T16:27:12.237000",
"db": "NVD",
"id": "CVE-2017-10896"
},
{
"date": "2017-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffalo BBR-4HG and BBR-4MG Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00620"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-106"
}
],
"trust": 0.6
}
}
VAR-201712-0047
Vulnerability from variot - Updated: 2023-12-18 12:03Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2017-10896 * Improper Input Validation (CWE-20) - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the user's web browser If a logged-in user accesses a specially crafted page - CVE-2017-10896 * The device may become unresponsive if an improper input value is set in the administrative page - CVE-2017-10897. Buffalo BBR-4HG and BBR-4MG are both broadband router products of the Buffalo Group in Japan. An attacker could exploit the vulnerability to cause a denial of service (the device could not respond)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bbr-4hg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.48"
},
{
"model": "bbr-4mg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.07"
},
{
"model": "bbr-4mg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.00"
},
{
"model": "bbr-4hg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.07"
},
{
"model": "bbr-4hg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "bbr-4mg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "2.00"
},
{
"model": "bbr-4hg",
"scope": "gte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.00"
},
{
"model": "bbr-4mg",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalo",
"version": "1.48"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 1.00 to 1.48"
},
{
"model": "bbr-4hg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 2.00 to 2.07"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 1.00 to 1.48"
},
{
"model": "bbr-4mg",
"scope": "eq",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware 2.00 to 2.07"
},
{
"model": "bbr-4hg",
"scope": "gte",
"trust": 0.6,
"vendor": "buffalo",
"version": "1.00\u003c=1.48"
},
{
"model": "bbr-4mg",
"scope": "gte",
"trust": 0.6,
"vendor": "buffalo",
"version": "2.00,\u003c=2.07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10897"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4mg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07",
"versionStartIncluding": "2.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4mg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.48",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:bbr-4mg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4hg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.07",
"versionStartIncluding": "2.00",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:buffalo:bbr-4hg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.48",
"versionStartIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalo:bbr-4hg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10897"
}
]
},
"cve": "CVE-2017-10897",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 5.1,
"id": "CNVD-2018-00618",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 0.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 4.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000244",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000244",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2017-10897",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-00618",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201707-105",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. * Cross-site Scripting (CWE-79) - CVE-2017-10896 * Improper Input Validation (CWE-20) - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * An arbitrary script may be executed on the user\u0027s web browser If a logged-in user accesses a specially crafted page - CVE-2017-10896 * The device may become unresponsive if an improper input value is set in the administrative page - CVE-2017-10897. Buffalo BBR-4HG and BBR-4MG are both broadband router products of the Buffalo Group in Japan. An attacker could exploit the vulnerability to cause a denial of service (the device could not respond)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "CNVD",
"id": "CNVD-2018-00618"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10897",
"trust": 3.0
},
{
"db": "JVN",
"id": "JVN65994435",
"trust": 2.4
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-00618",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201707-105",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
]
},
"id": "VAR-201712-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
}
],
"trust": 1.1089285649999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
}
]
},
"last_update_date": "2023-12-18T12:03:03.103000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20171201.html"
},
{
"title": "BuffaloBBR-4HG and BBR-4MG denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/113015"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
},
{
"problemtype": "CWE-79",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10897"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://jvn.jp/en/jp/jvn65994435/index.html"
},
{
"trust": 1.6,
"url": "http://buffalo.jp/support_s/s20171201.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10897"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10896"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10897"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10896"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"date": "2017-12-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"date": "2017-12-08T15:29:00.230000",
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"date": "2017-07-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-00618"
},
{
"date": "2018-03-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000244"
},
{
"date": "2017-12-20T20:33:02.503000",
"db": "NVD",
"id": "CVE-2017-10897"
},
{
"date": "2017-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple Buffalo broadband routers",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000244"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201707-105"
}
],
"trust": 0.6
}
}
VAR-200805-0397
Vulnerability from variot - Updated: 2022-05-17 02:01Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's account and password information of the ISP using the save settings function.Configurations could be changed by the remote attacker. As the save configuration stores user's account and password information of ISPs in plain-text format, a remote attacker could steal such information and impersonate a user to gain illegal access.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200805-0397",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "bbr-4hg",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware version 1.04"
},
{
"model": "bbr-4mg",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "firmware version 1.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:buffalo_inc:bbr-4hg",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:buffalo_inc:bbr-4mg",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2005-000765",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2005-000765",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user\u0027s account and password information of the ISP using the save settings function.Configurations could be changed by the remote attacker. As the save configuration stores user\u0027s account and password information of ISPs in plain-text format, a remote attacker could steal such information and impersonate a user to gain illegal access.",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
],
"trust": 0.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN55023557",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2005-000765",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"id": "VAR-200805-0397",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5089285649999999
},
"last_update_date": "2022-05-17T02:01:30.868000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BBR-4HG FarmWare",
"trust": 0.8,
"url": "http://buffalo.jp/download/driver/lan/bbr4hg.html"
},
{
"title": "BBR-4MG FarmWare",
"trust": 0.8,
"url": "http://buffalo.jp/download/driver/lan/bbr4mg.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn55023557/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-05-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffalo router configuration management interface vulnerable to remote access and password leakage",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2005-000765"
}
],
"trust": 0.8
}
}