Search criteria
6 vulnerabilities found for wnc01wh by buffalotech
VAR-201706-0100
Vulnerability from variot - Updated: 2023-12-18 12:51Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may obtain arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7825"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7825",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 1.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000240",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-96645",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.0,
"baseSeverity": "Low",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000240",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7825",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000240",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-090",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96645",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96645"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may obtain arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96645"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7825",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96645",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96645"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"id": "VAR-201706-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96645"
}
],
"trust": 0.6833333
},
"last_update_date": "2023-12-18T12:51:13.075000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "Buffalo WNC01WH Fixes for directory traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66141"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96645"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "NVD",
"id": "CVE-2016-7825"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7825"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7825"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96645"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96645"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96645"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"date": "2017-06-09T16:29:01.033000",
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96645"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000240"
},
{
"date": "2017-06-15T01:20:12.200000",
"db": "NVD",
"id": "CVE-2016-7825"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to directory traversal due to an issue in processing commands",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000240"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-090"
}
],
"trust": 0.6
}
}
VAR-201706-0096
Vulnerability from variot - Updated: 2023-12-18 12:51Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a denial-of-service (DoS) vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, the user may not be able to access the management screen. An attacker could exploit the vulnerability to cause a denial of service. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.6,
"vendor": "buffalo",
"version": "\u003c=1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7821"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 5.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000236",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-12053",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-96641",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000236",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7821",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000236",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-12053",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96641",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "VULHUB",
"id": "VHN-96641"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a denial-of-service (DoS) vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, the user may not be able to access the management screen. An attacker could exploit the vulnerability to cause a denial of service. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96641"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7821",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-12053",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-96641",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "VULHUB",
"id": "VHN-96641"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"id": "VAR-201706-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "VULHUB",
"id": "VHN-96641"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
}
]
},
"last_update_date": "2023-12-18T12:51:13.040000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "BuffaloWNC01WH Patch for Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/85410"
},
{
"title": "Buffalo WNC01WH Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66137"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96641"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "NVD",
"id": "CVE-2016-7821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7821"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7821"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "VULHUB",
"id": "VHN-96641"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"db": "VULHUB",
"id": "VHN-96641"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96641"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"date": "2017-06-09T16:29:00.907000",
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"date": "2016-12-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-12053"
},
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96641"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000236"
},
{
"date": "2017-06-15T01:19:56.870000",
"db": "NVD",
"id": "CVE-2016-7821"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000236"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-086"
}
],
"trust": 0.6
}
}
VAR-201706-0098
Vulnerability from variot - Updated: 2023-12-18 12:51Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged-in user's web browser. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0098",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000238",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"id": "VHN-96643",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000238",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7823",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000238",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-088",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96643",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged-in user\u0027s web browser. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96643"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7823",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96643",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96643"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"id": "VAR-201706-0098",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96643"
}
],
"trust": 0.6833333
},
"last_update_date": "2023-12-18T12:51:13.010000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "Buffalo WNC01WH Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66139"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "NVD",
"id": "CVE-2016-7823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7823"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7823"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96643"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96643"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96643"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"date": "2017-06-09T16:29:00.953000",
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96643"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000238"
},
{
"date": "2017-06-15T01:21:12.767000",
"db": "NVD",
"id": "CVE-2016-7823"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to stored cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000238"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-088"
}
],
"trust": 0.6
}
}
VAR-201706-0070
Vulnerability from variot - Updated: 2023-12-18 12:51Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may delete arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000241",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-96646",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000241",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7826",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000241",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96646",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may delete arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96646"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7826",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96646",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"id": "VAR-201706-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
}
],
"trust": 0.6833333
},
"last_update_date": "2023-12-18T12:51:12.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "Buffalo WNC01WH Fixes for directory traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66142"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7826"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7826"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96646"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"date": "2017-06-09T16:29:01.047000",
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-96646"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"date": "2017-06-14T19:44:57.017000",
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to directory traversal due to an issue in processing POST request",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
],
"trust": 0.6
}
}
VAR-201706-0099
Vulnerability from variot - Updated: 2023-12-18 12:51Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An authenticated attacker may enable the debug option. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group. An attacker could exploit this vulnerability to bypass access restrictions and enable debugging options
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0099",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7824"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000239",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-96644",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000239",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7824",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000239",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-089",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96644",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96644"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an enabling debug option vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An authenticated attacker may enable the debug option. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group. An attacker could exploit this vulnerability to bypass access restrictions and enable debugging options",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96644"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7824",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96644",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96644"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"id": "VAR-201706-0099",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96644"
}
],
"trust": 0.6833333
},
"last_update_date": "2023-12-18T12:51:12.914000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "Buffalo WNC01WH Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66140"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96644"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "NVD",
"id": "CVE-2016-7824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7824"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7824"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96644"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96644"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96644"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"date": "2017-06-09T16:29:01",
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96644"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000239"
},
{
"date": "2017-06-15T13:26:38.840000",
"db": "NVD",
"id": "CVE-2016-7824"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to enabling debug option",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000239"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-089"
}
],
"trust": 0.6
}
}
VAR-201706-0097
Vulnerability from variot - Updated: 2023-12-18 12:51Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a cross-site request forgery vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, unintended operations may be conducted. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000237",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-96642",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000237",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7822",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000237",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96642",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96642"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a cross-site request forgery vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged-in, unintended operations may be conducted. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96642"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7822",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96642",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96642"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"id": "VAR-201706-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96642"
}
],
"trust": 0.6833333
},
"last_update_date": "2023-12-18T12:51:12.949000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "Buffalo WNC01WH Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66138"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96642"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "NVD",
"id": "CVE-2016-7822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7822"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7822"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96642"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96642"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96642"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"date": "2017-06-09T16:29:00.937000",
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96642"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000237"
},
{
"date": "2017-06-15T13:21:21.387000",
"db": "NVD",
"id": "CVE-2016-7822"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000237"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-087"
}
],
"trust": 0.6
}
}