Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    79 vulnerabilities by buffalo

    CVE-2026-45779 (GCVE-0-2026-45779)

    Vulnerability from nvd – Published: 2026-06-05 19:30 – Updated: 2026-06-08 13:08
    VLAI
    Title
    Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: < 10.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:08:36.503467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T13:08:49.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 10.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:30:43.429Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-r33r-6g3c-r992",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-r33r-6g3c-r992"
            },
            {
              "name": "https://github.com/ubccr/xdmod/releases/tag/v10.0.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ubccr/xdmod/releases/tag/v10.0.3"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-0_0_0-8_6_0.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-0_0_0-8_6_0.patch"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-9_0_0-10_0_2.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-9_0_0-10_0_2.patch"
            }
          ],
          "source": {
            "advisory": "GHSA-r33r-6g3c-r992",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45779",
        "datePublished": "2026-06-05T19:30:43.429Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-08T13:08:49.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45778 (GCVE-0-2026-45778)

    Vulnerability from nvd – Published: 2026-06-05 19:29 – Updated: 2026-06-08 15:45
    VLAI
    Title
    Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: < 11.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T15:44:55.320705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T15:45:28.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim\u0027s browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:29:18.171Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3pv7-qvc3-h527",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3pv7-qvc3-h527"
            }
          ],
          "source": {
            "advisory": "GHSA-3pv7-qvc3-h527",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45778",
        "datePublished": "2026-06-05T19:29:18.171Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-08T15:45:28.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45777 (GCVE-0-2026-45777)

    Vulnerability from nvd – Published: 2026-06-05 19:27 – Updated: 2026-06-05 20:26
    VLAI
    Title
    Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: >= 9.5.0, < 11.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:23:47.481356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:26:14.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 9.5.0, \u003c 11.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:28:46.175Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-29qm-7w4v-43fw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-29qm-7w4v-43fw"
            },
            {
              "name": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-29qm-7w4v-43fw-9_5_0-11_0_2.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-29qm-7w4v-43fw-9_5_0-11_0_2.patch"
            }
          ],
          "source": {
            "advisory": "GHSA-29qm-7w4v-43fw",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45777",
        "datePublished": "2026-06-05T19:27:50.626Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-05T20:26:14.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45776 (GCVE-0-2026-45776)

    Vulnerability from nvd – Published: 2026-06-05 19:26 – Updated: 2026-06-05 19:43
    VLAI
    Title
    Open XDMoD has Broken Access Control via Client-Controlled Session Variable
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users' compute job efficiency metrics. All deployments of Open XDMoD prior to version 11.0.3 that contain the optional Job Performance (SUPReMM) module are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: < 11.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:43:19.905093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:43:28.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD\u0027s access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users\u0027 compute job efficiency metrics. All deployments of Open XDMoD prior to version 11.0.3 that contain the optional Job Performance (SUPReMM) module are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:26:31.288Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3hfh-m242-8rmh",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3hfh-m242-8rmh"
            },
            {
              "name": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-3hfh-m242-8rmh-0_0_0-11_0_2.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-3hfh-m242-8rmh-0_0_0-11_0_2.patch"
            }
          ],
          "source": {
            "advisory": "GHSA-3hfh-m242-8rmh",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD has Broken Access Control via Client-Controlled Session Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45776",
        "datePublished": "2026-06-05T19:26:31.288Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-05T19:43:28.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-29516 (GCVE-0-2026-29516)

    Vulnerability from nvd – Published: 2026-03-16 19:07 – Updated: 2026-05-11 23:11 Unsupported When Assigned
    VLAI
    Title
    Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure
    Summary
    Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Buffalo TeraStation NAS TS5400R Affected: 0 , ≤ 4.02-0.06 (custom)
    Create a notification for this product.
    Credits
    Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp Omar Crespo, Pentester, GM Sectec, Corp. VulnCheck
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-29516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T20:08:01.485297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T20:08:40.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "TeraStation NAS TS5400R",
              "vendor": "Buffalo",
              "versions": [
                {
                  "lessThanOrEqual": "4.02-0.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Omar Crespo, Pentester, GM Sectec, Corp."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulnCheck"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.\u003cbr\u003e"
                }
              ],
              "value": "Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T23:11:43.348Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://buffaloamericas.com/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/buffalo-terastation-ts5400r-excessive-file-permissions-information-disclosure"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-29516",
        "datePublished": "2026-03-16T19:07:52.684Z",
        "dateReserved": "2026-03-04T15:39:26.872Z",
        "dateUpdated": "2026-05-11T23:11:43.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45779 (GCVE-0-2026-45779)

    Vulnerability from cvelistv5 – Published: 2026-06-05 19:30 – Updated: 2026-06-08 13:08
    VLAI
    Title
    Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: < 10.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45779",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T13:08:36.503467Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T13:08:49.823Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 10.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerability exists in Open XDMoD versions prior to 10.0.3 that allows an unauthenticated remote attacker to execute arbitrary SQL statements. Exploitation requires no authentication or user interaction and can result in complete compromise of the underlying database. All deployments of Open XDMoD prior to 10.0.3 are impacted. This issue was discovered on 2023-08-03 and patched on 2023-08-04. At this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 10.0.3 on 2023-08-04. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:30:43.429Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-r33r-6g3c-r992",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-r33r-6g3c-r992"
            },
            {
              "name": "https://github.com/ubccr/xdmod/releases/tag/v10.0.3",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ubccr/xdmod/releases/tag/v10.0.3"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-0_0_0-8_6_0.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-0_0_0-8_6_0.patch"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-9_0_0-10_0_2.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-r33r-6g3c-r992-9_0_0-10_0_2.patch"
            }
          ],
          "source": {
            "advisory": "GHSA-r33r-6g3c-r992",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD Vulnerable to Unauthenticated SQL Injection Leading to Full Database Compromise"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45779",
        "datePublished": "2026-06-05T19:30:43.429Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-08T13:08:49.823Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45778 (GCVE-0-2026-45778)

    Vulnerability from cvelistv5 – Published: 2026-06-05 19:29 – Updated: 2026-06-08 15:45
    VLAI
    Title
    Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim's browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    References
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: < 11.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45778",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-08T15:44:55.320705Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-08T15:45:28.993Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an authenticated attacker can inject malicious JavaScript into their Open XDMoD user profile and abuse the password reset functionality to email a link to an HTML page, which when visited by the victim, reflects and executes the unsanitized payload in the victim\u0027s browser, potentially leading to credential capture and Open XDMoD account takeover. All deployments of Open XDMoD prior to 11.0.3 are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:29:18.171Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3pv7-qvc3-h527",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3pv7-qvc3-h527"
            }
          ],
          "source": {
            "advisory": "GHSA-3pv7-qvc3-h527",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD Vulnerable to Reflected Cross-Site Scripting (XSS) in Password Reset"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45778",
        "datePublished": "2026-06-05T19:29:18.171Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-08T15:45:28.993Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45777 (GCVE-0-2026-45777)

    Vulnerability from cvelistv5 – Published: 2026-06-05 19:27 – Updated: 2026-06-05 20:26
    VLAI
    Title
    Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    Assigner
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: >= 9.5.0, < 11.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45777",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T20:23:47.481356Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T20:26:14.285Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 9.5.0, \u003c 11.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attacker to read or modify application data, alter system configuration, or disrupt service availability. All deployments of Open XDMoD versions 9.5.0 through 11.0.2 (inclusive) are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.3,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:28:46.175Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-29qm-7w4v-43fw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-29qm-7w4v-43fw"
            },
            {
              "name": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-29qm-7w4v-43fw-9_5_0-11_0_2.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-29qm-7w4v-43fw-9_5_0-11_0_2.patch"
            }
          ],
          "source": {
            "advisory": "GHSA-29qm-7w4v-43fw",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD Vulnerable to Unauthenticated Remote Code Execution (RCE) via OS Command Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45777",
        "datePublished": "2026-06-05T19:27:50.626Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-05T20:26:14.285Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45776 (GCVE-0-2026-45776)

    Vulnerability from cvelistv5 – Published: 2026-06-05 19:26 – Updated: 2026-06-05 19:43
    VLAI
    Title
    Open XDMoD has Broken Access Control via Client-Controlled Session Variable
    Summary
    OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD's access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users' compute job efficiency metrics. All deployments of Open XDMoD prior to version 11.0.3 that contain the optional Job Performance (SUPReMM) module are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    ubccr xdmod Affected: < 11.0.3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-45776",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-05T19:43:19.905093Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-05T19:43:28.797Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "xdmod",
              "vendor": "ubccr",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 11.0.3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a flaw in Open XDMoD\u0027s access control logic allows an attacker to submit a crafted HTTPS POST request that sets a session variable used for authorization decisions. If an installation of Open XDMoD includes the optional Job Performance (SUPReMM) module, an attacker could bypass intended data access restrictions and view other users\u0027 compute job efficiency metrics. All deployments of Open XDMoD prior to version 11.0.3 that contain the optional Job Performance (SUPReMM) module are impacted. This issue was reported privately on 2026-04-06, and at this time there is no evidence that this vulnerability has been exploited in the wild. The vulnerability was patched in Open XDMoD 11.0.3 on 2026-05-12. As a workaround, apply the patch manually."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-05T19:26:31.288Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3hfh-m242-8rmh",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/ubccr/xdmod/security/advisories/GHSA-3hfh-m242-8rmh"
            },
            {
              "name": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ubccr/xdmod/releases/tag/v11.0.3-2"
            },
            {
              "name": "https://open.xdmod.org/security_patches/GHSA-3hfh-m242-8rmh-0_0_0-11_0_2.patch",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://open.xdmod.org/security_patches/GHSA-3hfh-m242-8rmh-0_0_0-11_0_2.patch"
            }
          ],
          "source": {
            "advisory": "GHSA-3hfh-m242-8rmh",
            "discovery": "UNKNOWN"
          },
          "title": "Open XDMoD has Broken Access Control via Client-Controlled Session Variable"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45776",
        "datePublished": "2026-06-05T19:26:31.288Z",
        "dateReserved": "2026-05-13T07:45:21.251Z",
        "dateUpdated": "2026-06-05T19:43:28.797Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-29516 (GCVE-0-2026-29516)

    Vulnerability from cvelistv5 – Published: 2026-03-16 19:07 – Updated: 2026-05-11 23:11 Unsupported When Assigned
    VLAI
    Title
    Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure
    Summary
    Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    Assigner
    References
    Impacted products
    Vendor Product Version
    Buffalo TeraStation NAS TS5400R Affected: 0 , ≤ 4.02-0.06 (custom)
    Create a notification for this product.
    Credits
    Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp Omar Crespo, Pentester, GM Sectec, Corp. VulnCheck
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-29516",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-16T20:08:01.485297Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-16T20:08:40.712Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "TeraStation NAS TS5400R",
              "vendor": "Buffalo",
              "versions": [
                {
                  "lessThanOrEqual": "4.02-0.06",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "Omar Crespo, Pentester, GM Sectec, Corp."
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulnCheck"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.\u003cbr\u003e"
                }
              ],
              "value": "Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-11T23:11:43.348Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "tags": [
                "product"
              ],
              "url": "https://buffaloamericas.com/"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/buffalo-terastation-ts5400r-excessive-file-permissions-information-disclosure"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "tags": [
            "unsupported-when-assigned"
          ],
          "title": "Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure",
          "x_generator": {
            "engine": "Vulnogram 1.0.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2026-29516",
        "datePublished": "2026-03-16T19:07:52.684Z",
        "dateReserved": "2026-03-04T15:39:26.872Z",
        "dateUpdated": "2026-05-11T23:11:43.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    VAR-201505-0274

    Vulnerability from variot - Updated: 2024-04-18 13:16

    The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. ・ Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 ・ Retractable cross-site scripting (CWE-79) - CVE-2021-20645 ・ Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 ・ UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 ・ Crafted SSID Is displayed on the management screen, and any script is executed on the user's web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 ・ Any third party who can access the product OS Command is executed - CVE-2021-20648 ・ Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 ・ With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service condition. Realtek SDK is a set of SDK development kit developed by Realtek

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201505-0274",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "dir-619l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.13"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.03"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.04"
          },
          {
            "model": "dir-600l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.00"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.05"
          },
          {
            "model": "dir-605l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.00"
          },
          {
            "model": "dir-605l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dir-600l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.15"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02"
          },
          {
            "model": "sdk",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "realtek",
            "version": null
          },
          {
            "model": "dir-905l",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.02"
          },
          {
            "model": "dir-619l",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "2.00"
          },
          {
            "model": "dir-809",
            "scope": "gte",
            "trust": 1.0,
            "vendor": "dlink",
            "version": "1.00"
          },
          {
            "model": "wsr-300hp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "firmware 2.30"
          },
          {
            "model": "ld-ps/u1",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20643)"
          },
          {
            "model": "ncc-ewf100rmwh2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20650)"
          },
          {
            "model": "wrc-1467ghbk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20644)"
          },
          {
            "model": "wrc-300febk",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "wrc-300febk-a",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20645, cve-2021-20646)"
          },
          {
            "model": "wrc-300febk-s",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2021-20647, cve-2021-20648, cve-2021-20649, cve-2014-8361)"
          },
          {
            "model": "wrc-f300nf",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "elecom",
            "version": "(cve-2014-8361)"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.15  )"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "b1 ( firmware  2.056b06  )"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.15"
          },
          {
            "model": "dir-600l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.056b06"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.14b06  )"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "bx ( firmware  2.07b02  )"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "c1 ( firmware  3.03b07  )"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14b06"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.07b02"
          },
          {
            "model": "dir-605l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "3.03b07"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.15  )"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "b1 ( firmware  2.07b02  )"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.15"
          },
          {
            "model": "dir-619l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "2.07b02"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.04b02  )"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a2 ( firmware  1.04b02  )"
          },
          {
            "model": "dir-809",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.04b02"
          },
          {
            "model": "dir-900l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "a1 ( firmware  1.14b02  )"
          },
          {
            "model": "dir-900l",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "d link",
            "version": "1.14b02"
          },
          {
            "model": "sdk",
            "scope": null,
            "trust": 0.8,
            "vendor": "realtek semiconductor corp",
            "version": null
          },
          {
            "model": "rtl81xx sdk",
            "scope": null,
            "trust": 0.7,
            "vendor": "realtek",
            "version": null
          },
          {
            "model": "dir-600l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.15"
          },
          {
            "model": "dir-600l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.05"
          },
          {
            "model": "dir-905l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.02"
          },
          {
            "model": "dir-605l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "1.13"
          },
          {
            "model": "dir-605l",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "d link",
            "version": "2.04"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-905l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-905l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-605l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.04",
                        "versionStartIncluding": "2.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-605l:b1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.15",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-600l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.05",
                        "versionStartIncluding": "2.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-600l:b1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:realtek:realtek_sdk:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.15",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-619l_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.03",
                        "versionStartIncluding": "2.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-619l:b1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:dlink:dir-809_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "versionStartIncluding": "1.00",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a1:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      },
                      {
                        "cpe23Uri": "cpe:2.3:h:dlink:dir-809:a2:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ],
        "trust": 1.6
      },
      "cve": "CVE-2014-8361",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2014-8361",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 1.6,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000194",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 2.6,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-76306",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000194",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.2,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 5.4,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "Low",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-000008",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 4.8,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-8361",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000194",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2021-000008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-8361",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201504-581",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-76306",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-8361",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023. WSR-300HP provided by BUFFALO INC. contains an arbitrary code execution vulnerability. WSR-300HP provided by BUFFALO INC. is a wireless LAN router. The following multiple vulnerabilities exist in multiple products provided by ELECOM CORPORATION. \u30fb Inadequate access restrictions (CWE-284) - CVE-2021-20643 -Script injection on the management screen (CWE-74) - CVE-2021-20644 \u30fb Retractable cross-site scripting (CWE-79) - CVE-2021-20645 \u30fb Cross-site request forgery (CWE-352) - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb OS Command injection (CWE-78) - CVE-2021-20648 -Insufficient verification of server certificate (CWE-295) - CVE-2021-20649 \u30fb UPnP Via OS Command injection (CWE-78) - CVE-2014-8361 CVE-2021-20643 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Institute of Information Security Yuasa Laboratory Nagakawa ( Ishibashi ) Australia Mr CVE-2021-20644 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Sato Rei Mr CVE-2021-20645, CVE-2021-20646 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Mitsui Bussan Secure Direction Co., Ltd. Tetsuyuki Ogawa Mr CVE-2021-20647, CVE-2021-20648, CVE-2021-20649 These vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr CVE-2021-20650 This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Hiroshi Watanabe Mr CVE-2014-8361 The following person indicates that the product is vulnerable to IPA Report to JPCERT/CC Coordinated with the developer. Reporter : Cyber Defense Institute, Inc. Satoru Nagaoka Mr., National Institute of Information and Communications Technology Makita Daisuke Mr., National Institute of Information and Communications Technology Woods Yoshiki MrThe expected impact depends on each vulnerability, but it may be affected as follows. -The management password of the product is changed by processing the request crafted by a remote third party. - CVE-2021-20643 \u30fb Crafted SSID Is displayed on the management screen, and any script is executed on the user\u0027s web browser. - CVE-2021-20644 -Any script is executed on the web browser of the user who is logged in to the product. - CVE-2021-20645 -When a user logged in to the management screen of the product accesses a specially crafted page, an arbitrary request is executed, and as a result, the settings of the product are changed unintentionally. telnet Daemon is started - CVE-2021-20646, CVE-2021-20647, CVE-2021-20650 \u30fb Any third party who can access the product OS Command is executed - CVE-2021-20648 \u30fb Man-in-the-middle attack (man-in-the-middle attack) The communication response has been tampered with, resulting in arbitrary in the product. OS Command is executed - CVE-2021-20649 \u30fb With the product UPnP Is valid, any by a third party who has access to the product OS Command is executed - CVE-2014-8361. Authentication is not required to exploit this vulnerability.The specific flaw exists within the miniigd SOAP service. The issue lies in the handling of the NewInternalClient requests due to a failure to sanitize user data before executing a system call. An attacker could leverage this vulnerability to execute code with root privileges. Failed exploit attempts will result in a denial-of-service  condition. Realtek SDK is a set of SDK development kit developed by Realtek",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          }
        ],
        "trust": 4.14
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-76306",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37169",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-8361",
            "trust": 5.2
          },
          {
            "db": "ZDI",
            "id": "ZDI-15-155",
            "trust": 3.6
          },
          {
            "db": "JVN",
            "id": "JVN47580234",
            "trust": 2.6
          },
          {
            "db": "BID",
            "id": "74330",
            "trust": 2.1
          },
          {
            "db": "DLINK",
            "id": "SAP10055",
            "trust": 2.1
          },
          {
            "db": "JVN",
            "id": "JVN67456944",
            "trust": 1.8
          },
          {
            "db": "EXPLOIT-DB",
            "id": "37169",
            "trust": 1.8
          },
          {
            "db": "PACKETSTORM",
            "id": "132090",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVN74871939",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2435",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581",
            "trust": 0.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000028",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-97587",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "id": "VAR-201505-0274",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          }
        ],
        "trust": 0.759098647142857
      },
      "last_update_date": "2024-04-18T13:16:59.233000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20170804_2.html"
          },
          {
            "title": "\u7121\u7ddaLAN\u30eb\u30fc\u30bf\u30fc\u306a\u3069\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u88fd\u54c1\u306e\u4e00\u90e8\u306b\u304a\u3051\u308b\u8106\u5f31\u6027\u306b\u95a2\u3057\u3066",
            "trust": 0.8,
            "url": "https://www.elecom.co.jp/news/security/20210126-01/"
          },
          {
            "title": "RTL81xx",
            "trust": 0.8,
            "url": "http://www.realtek.com/search/default.aspx?keyword=rtl81"
          },
          {
            "title": "SAP10055",
            "trust": 0.8,
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
          },
          {
            "title": "This vulnerability is being disclosed publicly without a patch in accordance with the ZDI vulnerability disclosure policy on lack of vendor response.Vendor Contact Timeline:08/13/2014 - ZDI wrote to vendor requesting contact and PGP09/04/2014 - ZDI wrote to vendor requesting contact and PGP09/29/2014 - ZDI wrote to vendor requesting contact and PGP10/22/2014 - ZDI wrote to vendor requesting contact and PGP, indicated \"final\" email attempt and informed of intent to 0-day04/24/2015 - Public release of advisory-- Mitigation:Given the stated purpose of Realtek SDK, and the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the service to trusted machines. Only the clients and servers that have a legitimate procedural relationship with products using Realtek SDK service should be permitted to communicate with it. This could be accomplished in a number of ways, most notably with firewall rules/whitelisting. These features are available in the native Windows Firewall, as described in  and numerous other Microsoft Knowledge Base articles.",
            "trust": 0.7,
            "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
          },
          {
            "title": "Realtek SDK miniigd SOAP Fixes for service remote code execution vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=96763"
          },
          {
            "title": "",
            "trust": 0.1,
            "url": "https://github.com/xuguowong/mirai-mal "
          },
          {
            "title": "api.greynoise.io",
            "trust": 0.1,
            "url": "https://github.com/greynoise-intelligence/api.greynoise.io "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/gafgyt-botnet-ddos-mirai/165424/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/valve-source-engine-fortnite-servers-crippled-by-gafgyt-variant/149719/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/new-mirai-samples-grow-the-number-of-processors-targets/143566/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/huawei-router-default-credential/140234/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/router-crapfest-malware-author-builds-18-000-strong-botnet-in-a-day/"
          },
          {
            "title": "Securelist",
            "trust": 0.1,
            "url": "https://securelist.com/threat-landscape-for-industrial-automation-systems-in-h2-2017/85053/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/jenx-botnet-has-grand-theft-auto-hook/129759/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/satori-author-linked-to-new-mirai-variant-masuta/129640/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/satori-botnet-is-now-attacking-ethereum-mining-rigs/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/code-used-in-zero-day-huawei-router-attack-made-public/129260/"
          },
          {
            "title": "BleepingComputer",
            "trust": 0.1,
            "url": "https://www.bleepingcomputer.com/news/security/amateur-hacker-behind-satori-botnet/"
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/unpatched-router-vulnerability-could-lead-to-code-execution/112524/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-20",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-94",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-78",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-79",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-352",
            "trust": 0.8
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-15-155/"
          },
          {
            "trust": 2.4,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8361"
          },
          {
            "trust": 2.1,
            "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/37169/"
          },
          {
            "trust": 1.8,
            "url": "http://www.securityfocus.com/bid/74330"
          },
          {
            "trust": 1.8,
            "url": "http://jvn.jp/en/jp/jvn47580234/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://jvn.jp/en/jp/jvn67456944/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://packetstormsecurity.com/files/132090/realtek-sdk-miniigd-upnp-soap-command-execution.html"
          },
          {
            "trust": 1.1,
            "url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
          },
          {
            "trust": 1.1,
            "url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=sap10055"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/en/jp/jvn74871939/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20649"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20650"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20643"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20644"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20645"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20646"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20647"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-20648"
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/jp/jvn47580234/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8361"
          },
          {
            "trust": 0.7,
            "url": "http://technet.microsoft.com/en-us/library/cc725770%28ws.10%29.aspx"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000028.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2021/jvndb-2021-000008.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.realtek.com.tw/contact/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/20.html"
          },
          {
            "trust": 0.1,
            "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=41532"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/keksec-simps-botnet-gaming-ddos/166306/"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "db": "BID",
            "id": "74330"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "date": "2015-05-01T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "date": "2015-05-01T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "date": "2015-04-24T00:00:00",
            "db": "BID",
            "id": "74330"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2015-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "date": "2015-04-29T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "date": "2015-05-01T15:59:01.287000",
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-04-24T00:00:00",
            "db": "ZDI",
            "id": "ZDI-15-155"
          },
          {
            "date": "2019-08-14T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76306"
          },
          {
            "date": "2023-09-05T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8361"
          },
          {
            "date": "2015-05-07T18:22:00",
            "db": "BID",
            "id": "74330"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          },
          {
            "date": "2021-01-26T03:12:23",
            "db": "JVNDB",
            "id": "JVNDB-2021-000008"
          },
          {
            "date": "2015-05-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-008039"
          },
          {
            "date": "2021-04-12T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          },
          {
            "date": "2023-09-05T22:15:07.477000",
            "db": "NVD",
            "id": "CVE-2014-8361"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WSR-300HP vulnerable to arbitrary code execution",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000194"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "input validation error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-581"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-0949

    Vulnerability from variot - Updated: 2024-02-15 22:56

    OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, and WCR-1166DS firmware Ver

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0949",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wsr-3200ax4s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-a2533dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.22"
          },
          {
            "model": "wsr-2533dhpls",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.07"
          },
          {
            "model": "wsr-2533dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-2533dhpl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.08"
          },
          {
            "model": "wsr-a2533dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-2533dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.08"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.03"
          },
          {
            "model": "wcr-1166ds",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.34"
          },
          {
            "model": "wsr-2533dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.22"
          },
          {
            "model": "wsr-3200ax4b",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.25"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhplb",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhpl",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-5700ax7b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-a2533dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhpls",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-3200ax4b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wcr-1166ds",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wex-1800ax4ea",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp3",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wex-1800ax4",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-5700ax7s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-3200ax4s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-a2533dhp3",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-1166dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-11000xe12",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.22",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.22",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.08",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.08",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.34",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "cve": "CVE-2022-43443",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 6.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002775",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-43443",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002775",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-2829",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, and WCR-1166DS firmware Ver",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-43443"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU97099584",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-43443",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43443"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "id": "VAR-202212-0949",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.7416666666666667
      },
      "last_update_date": "2024-02-15T22:56:53.105000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Buffalo Co., Ltd. \u00a0 announcement page",
            "trust": 0.8,
            "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
          },
          {
            "title": "Buffalo network devices Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=219178"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://jvn.jp/en/vu/jvnvu97099584/"
          },
          {
            "trust": 1.0,
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97099584/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://jvn.jp/en/vu/jvnvu97099584/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-43443/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002775.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43443"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43443"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-43443"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "date": "2022-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          },
          {
            "date": "2022-12-19T03:15:10.517000",
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-43443"
          },
          {
            "date": "2024-02-14T06:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "date": "2022-12-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          },
          {
            "date": "2024-02-14T07:15:08.110000",
            "db": "NVD",
            "id": "CVE-2022-43443"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in Buffalo network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2829"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-0950

    Vulnerability from variot - Updated: 2024-02-15 22:56

    OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0950",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wsr-3200ax4s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-a2533dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.22"
          },
          {
            "model": "wsr-2533dhpls",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.07"
          },
          {
            "model": "wsr-2533dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-a2533dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wex-1800ax4",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.13"
          },
          {
            "model": "wex-1800ax4ea",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.13"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.03"
          },
          {
            "model": "wsr-2533dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.22"
          },
          {
            "model": "wsr-3200ax4b",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.25"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhplb",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhpl",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-5700ax7b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-a2533dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhpls",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-3200ax4b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wcr-1166ds",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wex-1800ax4ea",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp3",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wex-1800ax4",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-5700ax7s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-3200ax4s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-a2533dhp3",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-1166dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-11000xe12",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.22",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.22",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "cve": "CVE-2022-43466",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002775",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-43466",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002775",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-2830",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. Buffalo network devices WSR-3200AX4S firmware Ver. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-43466"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU97099584",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-43466",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "id": "VAR-202212-0950",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.7416666666666667
      },
      "last_update_date": "2024-02-15T22:56:53.081000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Buffalo Co., Ltd. \u00a0 announcement page",
            "trust": 0.8,
            "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
          },
          {
            "title": "Buffalo network devices Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=219179"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://jvn.jp/en/vu/jvnvu97099584/"
          },
          {
            "trust": 1.0,
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97099584/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://jvn.jp/en/vu/jvnvu97099584/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002775.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-43466/"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43466"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-43466"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "date": "2022-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          },
          {
            "date": "2022-12-19T03:15:10.577000",
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-43466"
          },
          {
            "date": "2024-02-14T06:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "date": "2022-12-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          },
          {
            "date": "2024-02-14T07:15:08.567000",
            "db": "NVD",
            "id": "CVE-2022-43466"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in Buffalo network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2830"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202212-0948

    Vulnerability from variot - Updated: 2024-02-15 22:56

    Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. * OS Command injection (CWE-78) - CVE-2022-43466 It was * OS Command injection (CWE-78) - CVE-2022-43443 It was * Issue with enabling undocumented debugging features (CWE-912) - CVE-2022-43486 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party who can log into the management screen of the device may CGI When a specially crafted request is sent to a program, arbitrary commands are executed when a specific management screen is opened. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WCR-1166DS firmware Ver. 1.34 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202212-0948",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wsr-3200ax4s",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-a2533dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.22"
          },
          {
            "model": "wsr-2533dhpls",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.07"
          },
          {
            "model": "wsr-2533dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wsr-2533dhpl",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.08"
          },
          {
            "model": "wsr-a2533dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.26"
          },
          {
            "model": "wex-1800ax4",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.13"
          },
          {
            "model": "wsr-2533dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.08"
          },
          {
            "model": "wex-1800ax4ea",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.13"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.03"
          },
          {
            "model": "wcr-1166ds",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.34"
          },
          {
            "model": "wsr-2533dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.22"
          },
          {
            "model": "wsr-3200ax4b",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.25"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhplb",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhpl",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-5700ax7b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-a2533dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhpls",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-3200ax4b",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wcr-1166ds",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wex-1800ax4ea",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp3",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wex-1800ax4",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-5700ax7s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-3200ax4s",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-a2533dhp3",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-1166dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wxr-11000xe12",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          },
          {
            "model": "wsr-2533dhp2",
            "scope": null,
            "trust": 0.8,
            "vendor": "\u30d0\u30c3\u30d5\u30a1\u30ed\u30fc",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4s_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4s:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-3200ax4b_firmware:1.25:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-3200ax4b:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.22",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.22",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-a2533dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.26",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-a2533dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.03",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpls_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.07",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpls:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wex-1800ax4ea_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wex-1800ax4ea:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.08",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.08",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.34",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "cve": "CVE-2022-43486",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2022-002775",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2022-43486",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2022-002775",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202212-2828",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. Multiple network devices provided by BUFFALO CORPORATION contain the following vulnerabilities. * OS Command injection (CWE-78) - CVE-2022-43466 It was * OS Command injection (CWE-78) - CVE-2022-43443 It was * Issue with enabling undocumented debugging features (CWE-912) - CVE-2022-43486 This vulnerability information is JPCERT/CC Report to JPCERT/CC Coordinated with the developer. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. It was * A third party who can log into the management screen of the device may CGI When a specially crafted request is sent to a program, arbitrary commands are executed when a specific management screen is opened. - CVE-2022-43466 It was * Arbitrary commands are executed when a specially crafted request is sent to the management screen by a third party who has access to the device. - CVE-2022-43443 It was * A third party who can log in to the management screen of the device illegally activates the debugging function and executes arbitrary commands. - CVE-2022-43486. 1.26 and previous versions, WSR-3200AX4B firmware Ver. 1.25, WSR-2533DHP firmware Ver. 1.08 and previous versions, WSR-2533DHP2 firmware Ver. 1.22 and previous versions, WSR-A2533DHP2 firmware Ver. 1.22 and previous versions, WSR-2533DHP3 firmware Ver. 1.26 and previous versions, WSR-A2533DHP3 firmware Ver. 1.26 and previous versions, WSR-2533DHPL firmware Ver. 1.08 and previous versions, WSR-2533DHPL2 firmware Ver. 1.03 and previous versions, WSR-2533DHPLS firmware Ver. 1.07 and previous versions, WCR-1166DS firmware Ver. 1.34 and previous versions, WEX-1800AX4 firmware Ver. 1.13 and previous versions, and WEX-1800AX4EA firmware Ver",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-43486"
          }
        ],
        "trust": 1.71
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVNVU97099584",
            "trust": 2.5
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486",
            "trust": 2.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775",
            "trust": 1.4
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2022-43486",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "id": "VAR-202212-0948",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.7416666666666667
      },
      "last_update_date": "2024-02-15T22:56:53.056000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Buffalo Co., Ltd. \u00a0 announcement page",
            "trust": 0.8,
            "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
          },
          {
            "title": "Buffalo network devices Security vulnerabilities",
            "trust": 0.6,
            "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=218326"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "OS Command injection (CWE-78) [ others ]",
            "trust": 0.8
          },
          {
            "problemtype": " Unpublished features (CWE-912) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://jvn.jp/en/vu/jvnvu97099584/"
          },
          {
            "trust": 1.0,
            "url": "https://www.buffalo.jp/news/detail/20240131-01.html"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu97099584/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://jvn.jp/en/vu/jvnvu97099584/index.html"
          },
          {
            "trust": 0.7,
            "url": "https://www.buffalo.jp/news/detail/20221205-01.html"
          },
          {
            "trust": 0.6,
            "url": "https://cxsecurity.com/cveshow/cve-2022-43486/"
          },
          {
            "trust": 0.6,
            "url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-002775.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULMON",
            "id": "CVE-2022-43486"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          },
          {
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-43486"
          },
          {
            "date": "2022-12-12T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "date": "2022-12-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          },
          {
            "date": "2022-12-19T03:15:10.633000",
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2022-12-19T00:00:00",
            "db": "VULMON",
            "id": "CVE-2022-43486"
          },
          {
            "date": "2024-02-14T06:39:00",
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          },
          {
            "date": "2022-12-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          },
          {
            "date": "2024-02-14T07:15:09.107000",
            "db": "NVD",
            "id": "CVE-2022-43486"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in Buffalo network equipment",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2022-002775"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "other",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202212-2828"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-202104-0768

    Vulnerability from variot - Updated: 2024-01-17 17:38

    A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication. A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.CVE-2021-20090 AffectedCVE-2021-20090 Affected. Arcadyan Directory traversal vulnerabilities in many routers that use software CWE-22 , CVE-2021-20090 ) Exists.A remote third party may evade authentication and view sensitive information, including valid access tokens. As a result, the router settings can be tampered with. Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are routers of Japan Buffalo Company.

    Buffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilities. The vulnerabilities are caused by input validation errors when processing the directory traversal sequence in the web interface. Attackers can use the vulnerabilities to bypass authentication. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0768",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wsr-2533dhp3-bk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.24"
          },
          {
            "model": "wsr-2533dhpl2-bk",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.02"
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u8907\u6570\u306e\u30d9\u30f3\u30c0",
            "version": null
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u8907\u6570\u306e\u30d9\u30f3\u30c0",
            "version": "for more information cert/cc please check the information provided by or the information provided by the discoverer."
          },
          {
            "model": "\uff08\u8907\u6570\u306e\u88fd\u54c1\uff09",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "\u8907\u6570\u306e\u30d9\u30f3\u30c0",
            "version": "(multiple products)"
          },
          {
            "model": "wsr-2533dhpl2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.02"
          },
          {
            "model": "wsr-2533dhp3",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.24"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhpl2-bk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhpl2-bk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wsr-2533dhp3-bk_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.24",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wsr-2533dhp3-bk:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This document was written by Timur Snoke.We have not received a statement from the vendor.",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#914124"
          }
        ],
        "trust": 0.8
      },
      "cve": "CVE-2021-20090",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2021-56801",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2021-20090",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "High",
                "attackVector": "Network",
                "author": "OTHER",
                "availabilityImpact": "High",
                "baseScore": 8.1,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2021-002008",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2021-20090",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2021-002008",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2021-56801",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-2010",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-202104-975",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2021-20090",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version \u003c= 1.02 and WSR-2533DHP3 firmware version \u003c= 1.24 could allow unauthenticated remote attackers to bypass authentication. A path traversal vulnerability exists in numerous routers manufactured by multiple vendors using Arcadyan based software. This vulnerability allows an unauthenticated user access to sensitive information and allows for the alteration of the router configuration.CVE-2021-20090 AffectedCVE-2021-20090 Affected. Arcadyan Directory traversal vulnerabilities in many routers that use software CWE-22 , CVE-2021-20090 ) Exists.A remote third party may evade authentication and view sensitive information, including valid access tokens. As a result, the router settings can be tampered with. Buffalo WSR-2533DHPL2 and WSR-2533DHP3 are routers of Japan Buffalo Company. \n\r\n\r\nBuffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilities. The vulnerabilities are caused by input validation errors when processing the directory traversal sequence in the web interface. Attackers can use the vulnerabilities to bypass authentication. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          },
          {
            "db": "CERT/CC",
            "id": "VU#914124"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090"
          }
        ],
        "trust": 3.51
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2021-20090",
            "trust": 3.9
          },
          {
            "db": "CERT/CC",
            "id": "VU#914124",
            "trust": 3.3
          },
          {
            "db": "TENABLE",
            "id": "TRA-2021-13",
            "trust": 2.5
          },
          {
            "db": "CS-HELP",
            "id": "SB2021042705",
            "trust": 1.2
          },
          {
            "db": "JVN",
            "id": "JVNVU92877673",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010",
            "trust": 0.6
          },
          {
            "db": "CS-HELP",
            "id": "SB2021041363",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#914124"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "id": "VAR-202104-0768",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          }
        ],
        "trust": 1.4
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          }
        ]
      },
      "last_update_date": "2024-01-17T17:38:11.904000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Multiple vulnerabilities in some router products and countermeasures",
            "trust": 0.8,
            "url": "https://www.buffalo.jp/news/detail/20210727-01.html"
          },
          {
            "title": "Patch for Buffalo WSR-2533DHPL2 and WSR-2533DHP3 have path traversal vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/283451"
          },
          {
            "title": "Buffalo WSR-2533DHPL2 Repair measures for path traversal vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149797"
          },
          {
            "title": "APT-Backpack",
            "trust": 0.1,
            "url": "https://github.com/34zy/apt-backpack "
          },
          {
            "title": "Awesome-POC",
            "trust": 0.1,
            "url": "https://github.com/arrestx/--poc "
          },
          {
            "title": "Normal-POC",
            "trust": 0.1,
            "url": "https://github.com/miraitowa70/poc-notes "
          },
          {
            "title": "Normal-POC",
            "trust": 0.1,
            "url": "https://github.com/miraitowa70/pentest-notes "
          },
          {
            "title": "Awesome-POC",
            "trust": 0.1,
            "url": "https://github.com/threekiii/awesome-poc "
          },
          {
            "title": "Awesome-POC",
            "trust": 0.1,
            "url": "https://github.com/kaychenvip/vulnerability-poc "
          },
          {
            "title": "Goby_POC\nPOC \u6570\u91cf1319",
            "trust": 0.1,
            "url": "https://github.com/z0fhack/goby_poc "
          },
          {
            "title": "Known Exploited Vulnerabilities Detector",
            "trust": 0.1,
            "url": "https://github.com/ostorlab/kev "
          },
          {
            "title": "Github CVE Monitor",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-lab/awesome-security "
          },
          {
            "title": "Github CVE Monitor",
            "trust": 0.1,
            "url": "https://github.com/khulnasoft-labs/awesome-security "
          },
          {
            "title": "Kenzer Templates [5170] [DEPRECATED]",
            "trust": 0.1,
            "url": "https://github.com/arpsyndicate/kenzer-templates "
          },
          {
            "title": "Threatpost",
            "trust": 0.1,
            "url": "https://threatpost.com/auth-bypass-bug-routers-exploited/168491/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-22",
            "trust": 1.0
          },
          {
            "problemtype": "Path traversal (CWE-22) [IPA Evaluation ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://www.tenable.com/security/research/tra-2021-13"
          },
          {
            "trust": 1.7,
            "url": "https://www.kb.cert.org/vuls/id/914124"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20090"
          },
          {
            "trust": 1.2,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021042705"
          },
          {
            "trust": 1.1,
            "url": "https://www.secpod.com/blog/arcadyan-based-routers-and-modems-under-active-exploitation/"
          },
          {
            "trust": 0.8,
            "url": "cve-2021-20090  "
          },
          {
            "trust": 0.8,
            "url": "https://jvn.jp/vu/jvnvu92877673/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://kb.cert.org/vuls/id/914124"
          },
          {
            "trust": 0.6,
            "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/22.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://threatpost.com/auth-bypass-bug-routers-exploited/168491/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#914124"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#914124"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-07-20T00:00:00",
            "db": "CERT/CC",
            "id": "VU#914124"
          },
          {
            "date": "2021-07-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "date": "2021-04-29T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "date": "2021-07-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "date": "2021-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          },
          {
            "date": "2021-04-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2021-04-29T15:15:10.630000",
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2021-10-07T00:00:00",
            "db": "CERT/CC",
            "id": "VU#914124"
          },
          {
            "date": "2021-07-30T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2021-56801"
          },
          {
            "date": "2023-10-18T00:00:00",
            "db": "VULMON",
            "id": "CVE-2021-20090"
          },
          {
            "date": "2021-07-27T05:10:00",
            "db": "JVNDB",
            "id": "JVNDB-2021-002008"
          },
          {
            "date": "2022-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          },
          {
            "date": "2021-04-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-202104-975"
          },
          {
            "date": "2023-10-18T01:15:24.427000",
            "db": "NVD",
            "id": "CVE-2021-20090"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Arcadyan-based routers and modems vulnerable to authentication bypass",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#914124"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "path traversal",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-202104-2010"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-0901

    Vulnerability from variot - Updated: 2023-12-18 14:01

    WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability (CWE-78). Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. Enables a locally authenticated attacker to perform command injection attacks. A security vulnerability exists in Buffalo WNC01WH devices using firmware versions 1.0.0.9 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0901",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wnc01wh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.0.0.9"
          },
          {
            "model": "wnc01wh",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "version 1.0.0.9"
          },
          {
            "model": "wnc01wh",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.0.0.8"
          },
          {
            "model": "wnc01wh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.0.0.9"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo_inc:wnc01wh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.0.0.9",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo_inc:wnc01wh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          }
        ]
      },
      "cve": "CVE-2017-2152",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000072",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 3.1,
                "id": "CNVD-2017-05872",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "VHN-110355",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000072",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2152",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000072",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-05872",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201705-096",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110355",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability (CWE-78). Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. Enables a locally authenticated attacker to perform command injection attacks. A security vulnerability exists in Buffalo WNC01WH devices using firmware versions 1.0.0.9 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2152",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN48790793",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "id": "VAR-201704-0901",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          }
        ],
        "trust": 1.2833333
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:01:39.287000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20161201.html"
          },
          {
            "title": "BuffaloWNC01WH command injection vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/93146"
          },
          {
            "title": "Buffalo WNC01WH Fixes for operating system command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69771"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn48790793/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2152"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2152"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn48790793/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "date": "2017-04-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "date": "2017-04-28T16:59:02.027000",
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "date": "2017-04-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-04T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-05872"
          },
          {
            "date": "2017-05-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110355"
          },
          {
            "date": "2017-06-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          },
          {
            "date": "2017-05-06T00:08:31.967000",
            "db": "NVD",
            "id": "CVE-2017-2152"
          },
          {
            "date": "2017-05-09T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WNC01WH vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000072"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201705-096"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201606-0175

    Vulnerability from variot - Updated: 2023-12-18 13:57

    BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an unauthenticated remote attacker. The Buffalo WZR-600DHP3 and WZR-S600DHP are both wireless router products of the Buffalo Group in Japan. A remote attacker can exploit this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201606-0175",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wzr-hp-g302h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.83"
          },
          {
            "model": "wzr-600dhp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.97"
          },
          {
            "model": "hw-450hp-zwe",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.91"
          },
          {
            "model": "wapm-ag300n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.62"
          },
          {
            "model": "whr-hp-g300n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "wapm-apg300n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.62"
          },
          {
            "model": "whr-300hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "wzr-s600dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.16"
          },
          {
            "model": "wzr-1166dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.13"
          },
          {
            "model": "wzr-450hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.97"
          },
          {
            "model": "wzr-d1100h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "wzr-900dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.11"
          },
          {
            "model": "wzr-hp-g300nh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.81"
          },
          {
            "model": "wzr-hp-ag300h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.73"
          },
          {
            "model": "wzr-900dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.16"
          },
          {
            "model": "whr-300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "bhr-4grv",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "wzr-300hp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "wzr-hp-g450h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.87"
          },
          {
            "model": "wcr-300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.86"
          },
          {
            "model": "wzr-1750dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.28"
          },
          {
            "model": "wxr-1900dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.34"
          },
          {
            "model": "wzr-900dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.13"
          },
          {
            "model": "wzr-450hp-ub",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.96"
          },
          {
            "model": "wzr-1166dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.13"
          },
          {
            "model": "wzr-1750dhp2",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.28"
          },
          {
            "model": "wzr-600dhp3",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.16"
          },
          {
            "model": "wzr-hp-g301nh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.81"
          },
          {
            "model": "wxr-1750dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.42"
          },
          {
            "model": "wzr-450hp-cwt",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.92"
          },
          {
            "model": "wzr-s1750dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.28"
          },
          {
            "model": "wpl-05g300",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.86"
          },
          {
            "model": "wzr-s900dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "2.16"
          },
          {
            "model": "fs-600dhp",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "3.34"
          },
          {
            "model": "dwr-hp-g300nh",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.81"
          },
          {
            "model": "wzr-600dhp3",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.2.16"
          },
          {
            "model": "wzr-s600dhp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.2.16"
          },
          {
            "model": "wzr-600dhp3 \u003c=ver.2.16",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-s600dhp \u003c=ver.2.16",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-600dhp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-450hp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-hp-g301nh",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-600dhp3",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wxr-1750dhp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-450hp-cwt",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "hw-450hp-zwe",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-900dhp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wcr-300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-hp-g450h",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-600dhp3:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-600dhp3_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.16",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:hw-450hp-zwe:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:hw-450hp-zwe_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.91",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g450h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g450h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.87",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-450hp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-450hp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.97",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-900dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-900dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.16",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wcr-300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wcr-300_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.86",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-450hp-cwt:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-450hp-cwt_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.92",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g301nh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g301nh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.81",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wxr-1750dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wxr-1750dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.42",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-600dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-600dhp_firmware:1.97:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-1750dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-1750dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.28",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-s1750dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-s1750dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.28",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:whr-300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:whr-300_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-s600dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-s600dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.16",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g302h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g302h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.83",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wapm-ag300n:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wapm-ag300n_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.62",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-ag300h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-ag300h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.73",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-d1100h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-d1100h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wpl-05g300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wpl-05g300_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.86",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-s900dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-s900dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.16",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:dwr-hp-g300nh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:dwr-hp-g300nh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.81",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:whr-300hp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:whr-300hp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-1750dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-1750dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.28",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-1166dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-1166dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-300hp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-300hp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wapm-apg300n:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wapm-apg300n_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.62",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-900dhp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-900dhp2_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wxr-1900dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wxr-1900dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.34",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-900dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-900dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-1166dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-1166dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.13",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:whr-hp-g300n:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:whr-hp-g300n_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:bhr-4grv:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:bhr-4grv_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-450hp-ub:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-450hp-ub_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.96",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wzr-hp-g300nh:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wzr-hp-g300nh_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.81",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:fs-600dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:fs-600dhp_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "3.34",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "90905"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2016-4816",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000087",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-03694",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-93635",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000087",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-4816",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000087",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-03694",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201605-674",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-93635",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an unauthenticated remote attacker. The Buffalo WZR-600DHP3 and WZR-S600DHP are both wireless router products of the Buffalo Group in Japan. A remote attacker can exploit this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "BID",
            "id": "90905"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-4816",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN75813272",
            "trust": 3.1
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "90905",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "db": "BID",
            "id": "90905"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "id": "VAR-201606-0175",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          }
        ],
        "trust": 1.0713480954545453
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:57:33.264000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20160527a.html"
          },
          {
            "title": "Patch for BuffaloWZR-600DHP3 and WZR-S600DHP Information Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/76685"
          },
          {
            "title": "Buffalo WZR-600DHP3  and WZR-S600DHP Repair measures for information disclosure vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61984"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://jvn.jp/en/jp/jvn75813272/index.html"
          },
          {
            "trust": 2.3,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000087"
          },
          {
            "trust": 1.7,
            "url": "http://buffalo.jp/support_s/s20160527a.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4816"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4816"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "db": "BID",
            "id": "90905"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "date": "2016-06-19T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "date": "2016-05-27T00:00:00",
            "db": "BID",
            "id": "90905"
          },
          {
            "date": "2016-05-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "date": "2016-06-19T01:59:11.043000",
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "date": "2016-05-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-03694"
          },
          {
            "date": "2016-06-21T00:00:00",
            "db": "VULHUB",
            "id": "VHN-93635"
          },
          {
            "date": "2016-05-27T00:00:00",
            "db": "BID",
            "id": "90905"
          },
          {
            "date": "2016-06-27T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          },
          {
            "date": "2016-06-21T13:09:59.877000",
            "db": "NVD",
            "id": "CVE-2016-4816"
          },
          {
            "date": "2016-06-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Buffalo wireless LAN routers vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000087"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-674"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0137

    Vulnerability from variot - Updated: 2023-12-18 13:56

    Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. Buffalo TS5600D1206 Contains vulnerabilities in authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0137",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts5600d1206",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "buffalo",
            "version": "3.61-0.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:ts5600d1206_firmware:3.61-0.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:ts5600d1206:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          }
        ]
      },
      "cve": "CVE-2018-13324",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-13324",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-00675",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-123372",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-13324",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-13324",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-00675",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-730",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-123372",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. Buffalo TS5600D1206 Contains vulnerabilities in authorization, authority, and access control.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-13324",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "id": "VAR-201811-0137",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:56:50.826000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Replacement Hard Drives for TeraStation 3000 and 5000 Series",
            "trust": 0.8,
            "url": "https://www.buffalotech.com/products/replacement-hard-drives-for-terastation-3000-and-5000-series"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-863",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13324"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13324"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "date": "2018-11-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "date": "2019-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "date": "2018-11-26T23:29:00.767000",
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "date": "2018-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123372"
          },
          {
            "date": "2019-02-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012562"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-13324"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo TS5600D1206 Access Control Error Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00675"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-730"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0132

    Vulnerability from variot - Updated: 2023-12-18 13:52

    Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. Buffalo TS5600D1206 Contains an information disclosure vulnerability.Information may be obtained. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0132",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts5600d1206",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "buffalo",
            "version": "3.61-0.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:ts5600d1206_firmware:3.61-0.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:ts5600d1206:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          }
        ]
      },
      "cve": "CVE-2018-13319",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-13319",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-00673",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-13319",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-13319",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-00673",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-725",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. Buffalo TS5600D1206 Contains an information disclosure vulnerability.Information may be obtained. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          }
        ],
        "trust": 2.16
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-13319",
            "trust": 3.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "id": "VAR-201811-0132",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          }
        ],
        "trust": 1.225
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:52:31.239000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Replacement Hard Drives for TeraStation 3000 and 5000 Series",
            "trust": 0.8,
            "url": "https://www.buffalotech.com/products/replacement-hard-drives-for-terastation-3000-and-5000-series"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.4,
            "url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13319"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13319"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "date": "2018-11-26T23:29:00.580000",
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "date": "2018-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00673"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          },
          {
            "date": "2018-12-31T18:11:54.307000",
            "db": "NVD",
            "id": "CVE-2018-13319"
          },
          {
            "date": "2018-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo TS5600D1206 Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012807"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-725"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201708-0364

    Vulnerability from variot - Updated: 2023-12-18 13:48

    Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability (CWE-78). Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can access the administrative console of the device may execute an arbitrary OS command. Buffalo WCR-1166DS with firmware version 1.30 and earlier has a security vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0364",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wcr-1166ds",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalo",
            "version": "1.30"
          },
          {
            "model": "wcr-1166ds",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "firmware 1.30"
          },
          {
            "model": "wcr-1166ds",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.30"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wcr-1166ds_firmware:1.30:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wcr-1166ds:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          }
        ]
      },
      "cve": "CVE-2017-10811",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Adjacent Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 5.2,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000192",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.2,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.1,
                "id": "CNVD-2017-27316",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.7,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 5.1,
                "id": "VHN-101171",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 0.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Adjacent Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 6.8,
                "baseSeverity": "Medium",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000192",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-10811",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000192",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-27316",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201708-980",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-101171",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability (CWE-78). Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can access the administrative console of the device may execute an arbitrary OS command. Buffalo WCR-1166DS with firmware version 1.30 and earlier has a security vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN05340005",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "id": "VAR-201708-0364",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:48:31.446000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20170804_1.html"
          },
          {
            "title": "Patch for WCR-1166DSOS Command Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/99783"
          },
          {
            "title": "Buffalo WCR-1166DS Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74234"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn05340005/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://buffalo.jp/support_s/s20170804_1.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10811"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10811"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn05340005/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-08-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "date": "2017-08-18T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "date": "2017-08-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "date": "2017-08-18T13:29:00.203000",
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-19T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-27316"
          },
          {
            "date": "2017-08-25T00:00:00",
            "db": "VULHUB",
            "id": "VHN-101171"
          },
          {
            "date": "2018-02-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          },
          {
            "date": "2017-08-25T12:27:35.447000",
            "db": "NVD",
            "id": "CVE-2017-10811"
          },
          {
            "date": "2017-08-24T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WCR-1166DS vulnerable to OS command injection",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000192"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201708-980"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0432

    Vulnerability from variot - Updated: 2023-12-18 13:44

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication (CWE-287). SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. There is a security vulnerability in the WAPM-1166D using firmware version 1.2.7 and earlier and the WAPM-APG600H using firmware version 1.16.1 and earlier

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0432",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wapm-1166d",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.2.7"
          },
          {
            "model": "wapm-apg600h",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.16.1"
          },
          {
            "model": "wapm-1166d",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.2.7"
          },
          {
            "model": "wapm-apg600h",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.16.1"
          },
          {
            "model": "wapm-1166d",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.2.7"
          },
          {
            "model": "wapm-apg600h",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.16.1"
          },
          {
            "model": "wapm-1166d",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.2.7"
          },
          {
            "model": "wapm-apg600h",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.16.1"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wapm-1166d_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.2.7",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wapm-1166d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wapm-apg600h_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.16.1",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wapm-apg600h:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          }
        ]
      },
      "cve": "CVE-2017-2126",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000179",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-24403",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-110329",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULMON",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-2126",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.1,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000179",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2017-2126",
                "trust": 1.0,
                "value": "CRITICAL"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2017-000179",
                "trust": 0.8,
                "value": "Critical"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24403",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1103",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110329",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2017-2126",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. WAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication (CWE-287). SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. There is a security vulnerability in the WAPM-1166D using firmware version 1.2.7 and earlier and the WAPM-APG600H using firmware version 1.16.1 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2126"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN48823557",
            "trust": 3.2
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2126",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "id": "VAR-201707-0432",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:44:00.495000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20170718.html"
          },
          {
            "title": "Patches for the BUFFALOWAPM-1166D and WAPM-APG600H authentication bypass vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/101440"
          },
          {
            "title": "BUFFALO WAPM-1166D  and WAPM-APG600H Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71989"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "https://jvn.jp/en/jp/jvn48823557/index.html"
          },
          {
            "trust": 1.8,
            "url": "http://buffalo.jp/support_s/s20170718.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2126"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/287.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "db": "VULMON",
            "id": "CVE-2017-2126"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2126"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "date": "2017-07-22T00:29:00.187000",
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24403"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110329"
          },
          {
            "date": "2017-07-27T00:00:00",
            "db": "VULMON",
            "id": "CVE-2017-2126"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          },
          {
            "date": "2017-07-27T13:00:45.067000",
            "db": "NVD",
            "id": "CVE-2017-2126"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Buffalo wireless LAN access point devices do not properly perform authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000179"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1103"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201905-0807

    Vulnerability from variot - Updated: 2023-12-18 13:28

    An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. Open XDMoD Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Open XDMoD is an open source tool for managing high-performance computing resources. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201905-0807",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "open xdmod",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "7.5.0"
          },
          {
            "model": "open xdmod",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "university at buffalo",
            "version": "7.5.0"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalo:open_xdmod:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.5.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          }
        ]
      },
      "cve": "CVE-2018-16960",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-16960",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-127372",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-16960",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-16960",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201905-087",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-127372",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-16960",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. Open XDMoD Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Open XDMoD is an open source tool for managing high-performance computing resources. The vulnerability stems from the lack of correct validation of client data in WEB applications. An attacker could exploit this vulnerability to execute client code",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-16960"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-16960",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087",
            "trust": 0.7
          },
          {
            "db": "VULHUB",
            "id": "VHN-127372",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-16960",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "id": "VAR-201905-0807",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:28:32.914000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.buffalo.edu/ccr.html"
          },
          {
            "title": "Open XDMoD Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92214"
          },
          {
            "title": "CVE",
            "trust": 0.1,
            "url": "https://github.com/grymer/cve "
          }
        ],
        "sources": [
          {
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://github.com/grymer/cve/blob/master/cve-2018-16960.md"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16960"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16960"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://github.com/grymer/cve"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-02T00:00:00",
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "date": "2019-05-02T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "date": "2019-05-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "date": "2019-05-02T20:29:00.507000",
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "date": "2019-05-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-05-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-127372"
          },
          {
            "date": "2019-05-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-16960"
          },
          {
            "date": "2019-05-23T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          },
          {
            "date": "2019-05-03T19:21:51.163000",
            "db": "NVD",
            "id": "CVE-2018-16960"
          },
          {
            "date": "2019-05-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Open XDMoD Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-015304"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201905-087"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201512-0330

    Vulnerability from variot - Updated: 2023-12-18 13:24

    Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Buffalo AirStation Extreme N600 Router WZR-600DHP2, firmware versions 2.09, 2.13, 2.16, and possibly others, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Buffalo Wireless provided by LAN Router WZR-600DHP2 Has the problem of using insufficient random values. Insufficient random value used (CWE-330) - CVE-2015-8262 WZR-600DHP2 Sent from DNS The query source port number is fixed. Also, DNS Used for queries TXID Is 0x0002 It increases gradually and can be predicted from the outside. The attacker DNS By spoofing, LAN It is possible to guide the terminal inside to a malicious server. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.htmlBy a remote attacker DNS The response is forged, LAN May be directed to a malicious server. Buffalo AirStation Extreme N600 WZR-600DHP2 is a router product of the Buffalo Group in Japan. A security bypass vulnerability exists in the Buffalo AirStation Extreme N600 WZR-600DHP2 Router. An attacker could exploit the vulnerability to bypass security restrictions and gain unauthorized access. This may aid in further attacks

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0330",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "airstation extreme n600",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "2.13"
          },
          {
            "model": "airstation extreme n600",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "2.09"
          },
          {
            "model": "airstation extreme n600",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "2.16"
          },
          {
            "model": "airstation extreme n600",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "wzr-600dhp2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "version 2.09"
          },
          {
            "model": "wzr-600dhp2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "version 2.13"
          },
          {
            "model": "wzr-600dhp2",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "version 2.16"
          },
          {
            "model": "airstation extreme n600 wzr-600dhp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "2.09"
          },
          {
            "model": "airstation extreme n600 wzr-600dhp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "2.13"
          },
          {
            "model": "airstation extreme n600 wzr-600dhp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "2.16"
          },
          {
            "model": "technology airstation extreme n600 wzr-600dhp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "2.16"
          },
          {
            "model": "technology airstation extreme n600 wzr-600dhp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "2.13"
          },
          {
            "model": "technology airstation extreme n600 wzr-600dhp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "2.09"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "BID",
            "id": "78877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.16:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.13:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      },
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.09:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:airstation_extreme_n600:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Joel Land of the CERT/CC",
        "sources": [
          {
            "db": "BID",
            "id": "78877"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2015-8262",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 5.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "NONE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 1.1,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-8262",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "UNAVAILABLE",
                "reportConfidence": "CONFIRMED",
                "severity": "MEDIUM",
                "targetDistribution": "LOW",
                "trust": 0.8,
                "userInterationRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2015-8262",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-08281",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "VHN-86223",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 2.2,
                "impactScore": 4.0,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-8262",
                "trust": 2.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-08281",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201512-419",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-86223",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Buffalo AirStation Extreme N600 Router WZR-600DHP2, firmware versions 2.09, 2.13, 2.16, and possibly others, uses insufficiently random values for DNS queries and is vulnerable to DNS spoofing attacks. Buffalo Wireless provided by LAN Router WZR-600DHP2 Has the problem of using insufficient random values. Insufficient random value used (CWE-330) - CVE-2015-8262 WZR-600DHP2 Sent from DNS The query source port number is fixed. Also, DNS Used for queries TXID Is 0x0002 It increases gradually and can be predicted from the outside. The attacker DNS By spoofing, LAN It is possible to guide the terminal inside to a malicious server. CWE-330: Use of Insufficiently Random Values http://cwe.mitre.org/data/definitions/330.htmlBy a remote attacker DNS The response is forged, LAN May be directed to a malicious server. Buffalo AirStation Extreme N600 WZR-600DHP2 is a router product of the Buffalo Group in Japan. A security bypass vulnerability exists in the Buffalo AirStation Extreme N600 WZR-600DHP2 Router. An attacker could exploit the vulnerability to bypass security restrictions and gain unauthorized access. This may aid in further attacks",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "BID",
            "id": "78877"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-8262",
            "trust": 4.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#646008",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "78877",
            "trust": 2.6
          },
          {
            "db": "JVN",
            "id": "JVNVU93831077",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223"
          },
          {
            "db": "BID",
            "id": "78877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "id": "VAR-201512-0330",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223"
          }
        ],
        "trust": 1.310714285
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:40.228000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "AirStation Extreme N600 Router",
            "trust": 0.8,
            "url": "http://www.buffalotech.com/products/wireless/dual-band-routers/airstation-extreme-n600-router"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://www.kb.cert.org/vuls/id/646008"
          },
          {
            "trust": 2.3,
            "url": "http://www.securityfocus.com/bid/78877"
          },
          {
            "trust": 0.8,
            "url": "http://www.buffalotech.com/products/wireless/dual-band-routers/airstation-extreme-n600-router"
          },
          {
            "trust": 0.8,
            "url": "http://www.buffalotech.com/support-and-downloads/download/wzr600dhp2-us-217.zip"
          },
          {
            "trust": 0.8,
            "url": "http://www.buffalotech.com/support-and-downloads/download/wzr600dhp2-us-217.txt"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8262"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93831077/index.html"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8262"
          },
          {
            "trust": 0.3,
            "url": "http://www.buffalotech.com/products/wireless/wireless-n-routers-access-points/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223"
          },
          {
            "db": "BID",
            "id": "78877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "db": "VULHUB",
            "id": "VHN-86223"
          },
          {
            "db": "BID",
            "id": "78877"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-12-10T00:00:00",
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "date": "2015-12-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "date": "2015-12-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-86223"
          },
          {
            "date": "2015-12-10T00:00:00",
            "db": "BID",
            "id": "78877"
          },
          {
            "date": "2015-12-14T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "date": "2015-12-27T03:59:04.973000",
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "date": "2015-12-15T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-01-25T00:00:00",
            "db": "CERT/CC",
            "id": "VU#646008"
          },
          {
            "date": "2015-12-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-08281"
          },
          {
            "date": "2016-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-86223"
          },
          {
            "date": "2015-12-10T00:00:00",
            "db": "BID",
            "id": "78877"
          },
          {
            "date": "2016-01-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-006309"
          },
          {
            "date": "2016-11-28T19:46:14.217000",
            "db": "NVD",
            "id": "CVE-2015-8262"
          },
          {
            "date": "2015-12-28T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo AirStation Extreme N600 Router WZR-600DHP2 uses insufficiently random values for DNS queries",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#646008"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201512-419"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201601-0400

    Vulnerability from variot - Updated: 2023-12-18 13:24

    Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged in user's web browser. Buffalo is the wireless router product of the Buffalo Group. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Buffalo BHR-4GRV2 etc

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201601-0400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wex-300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.90"
          },
          {
            "model": "wmr-433",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.01"
          },
          {
            "model": "whr-600d",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.90"
          },
          {
            "model": "wmr-300",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.90"
          },
          {
            "model": "whr-1166dhp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.90"
          },
          {
            "model": "bhr-4grv2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.04"
          },
          {
            "model": "wsr-1166dhp",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.01"
          },
          {
            "model": "whr-300hp2",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.90"
          },
          {
            "model": "bhr-4grv2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.04"
          },
          {
            "model": "wex-300",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.90"
          },
          {
            "model": "whr-1166dhp",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.90"
          },
          {
            "model": "whr-300hp2",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.90"
          },
          {
            "model": "whr-600d",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.90"
          },
          {
            "model": "wmr-300",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.90"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.01"
          },
          {
            "model": "wsr-1166dhp",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.01"
          },
          {
            "model": "bhr-4grv2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.04"
          },
          {
            "model": "wex-300",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.90"
          },
          {
            "model": "whr-1166dhp",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.90"
          },
          {
            "model": "whr-300hp2",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.90"
          },
          {
            "model": "whr-600d",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.90"
          },
          {
            "model": "wmr-300",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.90"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.01"
          },
          {
            "model": "wsr-1166dhp",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.01"
          },
          {
            "model": "whr-600d",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "whr-300hp2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "wex-300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "whr-1166dhp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "wmr-300",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "wsr-1166dhp",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "wmr-433",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "bhr-4grv2",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "technology wsr-1166dhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.01"
          },
          {
            "model": "technology wmr-300",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.90"
          },
          {
            "model": "technology wmr-300",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.60"
          },
          {
            "model": "technology whr-600d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.90"
          },
          {
            "model": "technology whr-600d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.80"
          },
          {
            "model": "technology whr-600d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.70"
          },
          {
            "model": "technology whr-600d",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.60"
          },
          {
            "model": "technology whr-300hp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.90"
          },
          {
            "model": "technology whr-300hp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.80"
          },
          {
            "model": "technology whr-300hp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.70"
          },
          {
            "model": "technology whr-300hp2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.60"
          },
          {
            "model": "technology whr-1166dhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.90"
          },
          {
            "model": "technology whr-1166dhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.80"
          },
          {
            "model": "technology whr-1166dhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.70"
          },
          {
            "model": "technology whr-1166dhp",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.60"
          },
          {
            "model": "technology wex-300",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.90"
          },
          {
            "model": "technology wex-300",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.60"
          },
          {
            "model": "technology bhr-4grv2",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.04"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "BID",
            "id": "81548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:wmr-300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:wmr-300_firmware:1.90:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:wex-300:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:wex-300_firmware:1.90:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:wmr-433:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:wmr-433_firmware:1.01:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:bhr-4grv2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:bhr-4grv2_firmware:1.04:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:whr-300hp2:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:whr-300hp2_firmware:1.90:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:whr-1166dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:whr-1166dhp_firmware:1.90:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:whr-600d:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:whr-600d_firmware:1.90:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalotech:wsr-1166dhp:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalotech:wsr-1166dhp_firmware:1.01:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "81548"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2016-1135",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000006",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2016-00707",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-89954",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2016-000006",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2016-1135",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2016-000006",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-00707",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201601-605",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-89954",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged in user\u0027s web browser. Buffalo is the wireless router product of the Buffalo Group. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Buffalo BHR-4GRV2 etc",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "BID",
            "id": "81548"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2016-1135",
            "trust": 3.4
          },
          {
            "db": "JVN",
            "id": "JVN49225722",
            "trust": 3.4
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006",
            "trust": 2.5
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "81548",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "db": "BID",
            "id": "81548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "id": "VAR-201601-0400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          }
        ],
        "trust": 1.3471707
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:24:39.886000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20141030_2.html"
          },
          {
            "title": "Patches for multiple Buffalo product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/70910"
          },
          {
            "title": "Multiple Buffalo Fixes for product cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59923"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.4,
            "url": "http://jvn.jp/en/jp/jvn49225722/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000006"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1135"
          },
          {
            "trust": 0.8,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1135"
          },
          {
            "trust": 0.3,
            "url": "http://www.buffalotech.com/products/wireless/wireless-n-routers-access-points/"
          },
          {
            "trust": 0.3,
            "url": "http://www.buffalotech.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "db": "BID",
            "id": "81548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "db": "BID",
            "id": "81548"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-01-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "date": "2016-01-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "date": "2016-01-22T00:00:00",
            "db": "BID",
            "id": "81548"
          },
          {
            "date": "2016-01-22T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "date": "2016-01-22T11:59:06.307000",
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "date": "2016-01-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-01-29T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-00707"
          },
          {
            "date": "2016-03-11T00:00:00",
            "db": "VULHUB",
            "id": "VHN-89954"
          },
          {
            "date": "2016-01-22T00:00:00",
            "db": "BID",
            "id": "81548"
          },
          {
            "date": "2016-03-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          },
          {
            "date": "2016-03-11T13:26:22.597000",
            "db": "NVD",
            "id": "CVE-2016-1135"
          },
          {
            "date": "2016-01-25T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Buffalo network devices vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2016-000006"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201601-605"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0131

    Vulnerability from variot - Updated: 2023-12-18 13:18

    System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. Buffalo TS5600D1206 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0131",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts5600d1206",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "buffalo",
            "version": "3.61-0.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:ts5600d1206_firmware:3.61-0.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:ts5600d1206:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          }
        ]
      },
      "cve": "CVE-2018-13318",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-13318",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-00674",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-123365",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-13318",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-13318",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-00674",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-724",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-123365",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the \"name\" parameter. Buffalo TS5600D1206 Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-13318",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "id": "VAR-201811-0131",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:18:57.013000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Replacement Hard Drives for TeraStation 3000 and 5000 Series",
            "trust": 0.8,
            "url": "https://www.buffalotech.com/products/replacement-hard-drives-for-terastation-3000-and-5000-series"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-78",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-77",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13318"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13318"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "date": "2018-11-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "date": "2018-11-26T23:29:00.533000",
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "date": "2018-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00674"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123365"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-13318"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo TS5600D1206 Command injection vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012808"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ],
        "trust": 1.4
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "operating system commend injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-724"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0318

    Vulnerability from variot - Updated: 2023-12-18 13:14

    Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. * Cross-site Request Forgery (CWE-352) - CVE-2017-2273 * Reflected Cross-site Scripting (CWE-79) - CVE-2017-2274 Manabu Kobayashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * If a logged-in user accesses a specially crafted page, configuration of the device may be changed or the device may be rebooted - CVE-2017-2273 * If a logged-in user accesses a specially crafted page, an arbitrary script may be executed on the user's web browser - CVE-2017-2274. Both the BUFFALOWAPM-1166D and the WAPM-APG600H are wireless LAN access point devices from Japan's BUFFALO Corporation. A remote attacker could exploit this vulnerability to perform unauthorized operations

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0318",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wmr-433w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.40"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.02"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.02"
          },
          {
            "model": "wmr-433w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.40"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.02"
          },
          {
            "model": "wmr-433w",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.40"
          },
          {
            "model": "wmr-433",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.02"
          },
          {
            "model": "wmr-433w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.40"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wmr-433_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wmr-433:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wmr-433w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.40",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wmr-433w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          }
        ]
      },
      "cve": "CVE-2017-2273",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-24402",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-110476",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000180",
                "trust": 1.6,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2273",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24402",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1102",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110476",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. * Cross-site Request Forgery (CWE-352) - CVE-2017-2273 * Reflected Cross-site Scripting (CWE-79) - CVE-2017-2274 Manabu Kobayashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * If a logged-in user accesses a specially crafted page, configuration of the device may be changed or the device may be rebooted - CVE-2017-2273 * If a logged-in user accesses a specially crafted page, an arbitrary script may be executed on the user\u0027s web browser - CVE-2017-2274. Both the BUFFALOWAPM-1166D and the WAPM-APG600H are wireless LAN access point devices from Japan\u0027s BUFFALO Corporation. A remote attacker could exploit this vulnerability to perform unauthorized operations",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "JVN",
            "id": "JVN48413726",
            "trust": 3.1
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "id": "VAR-201707-0318",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          }
        ],
        "trust": 1.362337665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:14:14.482000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20170606.html"
          },
          {
            "title": "Patch for BUFFALOWAPM-1166D and WAPM-APG600H Cross-Site Request Forgery Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/101439"
          },
          {
            "title": "BUFFALO WAPM-1166D  and WAPM-APG600H Fixes for cross-site request forgery vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71988"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-79",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn48413726/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://buffalo.jp/support_s/s20170606.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2273"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2274"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2273"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2274"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn48413726/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "date": "2017-07-22T00:29:00.233000",
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24402"
          },
          {
            "date": "2017-08-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110476"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "date": "2017-08-10T15:55:22.193000",
            "db": "NVD",
            "id": "CVE-2017-2273"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple Buffalo wireless LAN routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1102"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201707-0319

    Vulnerability from variot - Updated: 2023-12-18 13:14

    Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. * Cross-site Request Forgery (CWE-352) - CVE-2017-2273 * Reflected Cross-site Scripting (CWE-79) - CVE-2017-2274 Manabu Kobayashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * If a logged-in user accesses a specially crafted page, configuration of the device may be changed or the device may be rebooted - CVE-2017-2273 * If a logged-in user accesses a specially crafted page, an arbitrary script may be executed on the user's web browser - CVE-2017-2274. Both the BUFFALOWAPM-1166D and the WAPM-APG600H are wireless LAN access point devices from Japan's BUFFALO Corporation

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0319",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wmr-433w",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.40"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "buffalo",
            "version": "1.02"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.02"
          },
          {
            "model": "wmr-433w",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "ver.1.40"
          },
          {
            "model": "wmr-433",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.02"
          },
          {
            "model": "wmr-433w",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "\u003c=1.40"
          },
          {
            "model": "wmr-433",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.02"
          },
          {
            "model": "wmr-433w",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "buffalo",
            "version": "1.40"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wmr-433_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.02",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wmr-433:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              },
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:wmr-433w_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "1.40",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:wmr-433w:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          }
        ]
      },
      "cve": "CVE-2017-2274",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2017-24401",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-110477",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "Low",
                "baseScore": 4.3,
                "baseSeverity": "Medium",
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "JVNDB-2017-000180",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "IPA",
                "id": "JVNDB-2017-000180",
                "trust": 1.6,
                "value": "Medium"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-2274",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-24401",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201707-1101",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-110477",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. * Cross-site Request Forgery (CWE-352) - CVE-2017-2273 * Reflected Cross-site Scripting (CWE-79) - CVE-2017-2274 Manabu Kobayashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The possible impact of each vulnerability is as follows: * If a logged-in user accesses a specially crafted page, configuration of the device may be changed or the device may be rebooted - CVE-2017-2273 * If a logged-in user accesses a specially crafted page, an arbitrary script may be executed on the user\u0027s web browser - CVE-2017-2274. Both the BUFFALOWAPM-1166D and the WAPM-APG600H are wireless LAN access point devices from Japan\u0027s BUFFALO Corporation",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-2274",
            "trust": 3.1
          },
          {
            "db": "JVN",
            "id": "JVN48413726",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "id": "VAR-201707-0319",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          }
        ],
        "trust": 1.362337665
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:14:14.453000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "BUFFALO INC. website",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/s20170606.html"
          },
          {
            "title": "Patch for BUFFALOWAPM-1166D and WAPM-APG600H Cross-Site Scripting Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/101438"
          },
          {
            "title": "BUFFALO WAPM-1166D  and WAPM-APG600H Fixes for cross-site scripting vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71987"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          },
          {
            "problemtype": "CWE-352",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://jvn.jp/en/jp/jvn48413726/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://buffalo.jp/support_s/s20170606.html"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2273"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2274"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2273"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2274"
          },
          {
            "trust": 0.6,
            "url": "http://jvn.jp/en/jp/jvn48413726/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "date": "2017-07-22T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "date": "2017-07-20T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "date": "2017-07-22T00:29:00.277000",
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "date": "2017-07-26T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-09-03T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-24401"
          },
          {
            "date": "2017-11-08T00:00:00",
            "db": "VULHUB",
            "id": "VHN-110477"
          },
          {
            "date": "2018-01-24T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          },
          {
            "date": "2017-11-08T15:54:22.983000",
            "db": "NVD",
            "id": "CVE-2017-2274"
          },
          {
            "date": "2022-03-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple vulnerabilities in multiple Buffalo wireless LAN routers",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-000180"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201707-1101"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200610-0509

    Vulnerability from variot - Updated: 2023-12-18 13:10

    Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface.


    Want to work within IT-Security?

    Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.

    Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/


    TITLE: TeraStation HD-HTGL Series Cross-Site Request Forgery

    SECUNIA ADVISORY ID: SA22248

    VERIFY ADVISORY: http://secunia.com/advisories/22248/

    CRITICAL: Less critical

    IMPACT: Cross Site Scripting, Manipulation of data

    WHERE:

    From remote

    OPERATING SYSTEM: TeraStation HD-HTGL Series http://secunia.com/product/12189/

    DESCRIPTION: A vulnerability has been reported in TeraStation HD-HTGL Series, which can be exploited by malicious people to conduct cross-site request forgery attacks.

    The vulnerability is caused due to an error within the web administration interface, which allows to perform certain sensitive actions without verifying the user's request. This can be exploited to modify certain configuration sections or delete data stored on the device.

    The vulnerability is reported in firmware 2.05. Other versions may also be affected.

    SOLUTION: Do not visit untrusted sites while being logged in to the device.

    PROVIDED AND/OR DISCOVERED BY: Reported by JVN.

    ORIGINAL ADVISORY: http://jvn.jp/jp/JVN%2393484133/index.html


    About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

    Subscribe: http://secunia.com/secunia_security_advisories/

    Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

    Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


    Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org


    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200610-0509",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "terastation hd-htgl",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "2.05_beta1"
          },
          {
            "model": "hd-htgl series",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "firmware ver. 2.05-beta-1"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:terastation_hd-htgl_firmware:2.05_beta1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Secunia",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "50493"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2006-5175",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Complete",
                "baseScore": 7.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2006-000665",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "HIGH",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 7.6,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 4.9,
                "id": "VHN-21283",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2006-5175",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2006-000665",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200610-169",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-21283",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors. TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nTeraStation HD-HTGL Series Cross-Site Request Forgery\n\nSECUNIA ADVISORY ID:\nSA22248\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22248/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nCross Site Scripting, Manipulation of data\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nTeraStation HD-HTGL Series\nhttp://secunia.com/product/12189/\n\nDESCRIPTION:\nA vulnerability has been reported in TeraStation HD-HTGL Series,\nwhich can be exploited by malicious people to conduct cross-site\nrequest forgery attacks. \n\nThe vulnerability is caused due to an error within the web\nadministration interface, which allows to perform certain sensitive\nactions without verifying the user\u0027s request. This can be exploited\nto modify certain configuration sections or delete data stored on the\ndevice. \n\nThe vulnerability is reported in firmware 2.05. Other versions may\nalso be affected. \n\nSOLUTION:\nDo not visit untrusted sites while being logged in to the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by JVN. \n\nORIGINAL ADVISORY:\nhttp://jvn.jp/jp/JVN%2393484133/index.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "db": "PACKETSTORM",
            "id": "50493"
          }
        ],
        "trust": 1.8
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "SECUNIA",
            "id": "22248",
            "trust": 2.6
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175",
            "trust": 2.5
          },
          {
            "db": "VUPEN",
            "id": "ADV-2006-3891",
            "trust": 1.7
          },
          {
            "db": "XF",
            "id": "29338",
            "trust": 1.4
          },
          {
            "db": "JVN",
            "id": "JVN93484133",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169",
            "trust": 0.7
          },
          {
            "db": "JVN",
            "id": "JVN#93484133",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "84566",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-21283",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "50493",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "PACKETSTORM",
            "id": "50493"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "id": "VAR-200610-0509",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2023-12-18T13:10:32.245000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Download Service",
            "trust": 0.8,
            "url": "http://buffalo.jp/download/driver/hd/hd-htgl.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "http://jvn.jp/jp/jvn%2393484133/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://secunia.com/advisories/22248"
          },
          {
            "trust": 1.4,
            "url": "http://www.frsirt.com/english/advisories/2006/3891"
          },
          {
            "trust": 1.4,
            "url": "http://xforce.iss.net/xforce/xfdb/29338"
          },
          {
            "trust": 1.1,
            "url": "http://www.vupen.com/english/advisories/2006/3891"
          },
          {
            "trust": 1.1,
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29338"
          },
          {
            "trust": 0.9,
            "url": "http://secunia.com/advisories/22248/"
          },
          {
            "trust": 0.8,
            "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5175"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/en/jp/jvn93484133/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5175"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/secunia_security_advisories/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/product/12189/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
          },
          {
            "trust": 0.1,
            "url": "http://secunia.com/about_secunia_advisories/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "PACKETSTORM",
            "id": "50493"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "db": "PACKETSTORM",
            "id": "50493"
          },
          {
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2006-10-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "date": "2008-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "date": "2006-10-03T22:17:11",
            "db": "PACKETSTORM",
            "id": "50493"
          },
          {
            "date": "2006-10-10T04:06:00",
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "date": "2006-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-07-20T00:00:00",
            "db": "VULHUB",
            "id": "VHN-21283"
          },
          {
            "date": "2008-05-21T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          },
          {
            "date": "2017-07-20T01:33:34.930000",
            "db": "NVD",
            "id": "CVE-2006-5175"
          },
          {
            "date": "2006-10-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "TeraStation HD-HTGL series cross-site request forgery vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2006-000665"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200610-169"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201811-0134

    Vulnerability from variot - Updated: 2023-12-18 13:08

    Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. Buffalo TS5600D1206 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201811-0134",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ts5600d1206",
            "scope": "eq",
            "trust": 3.0,
            "vendor": "buffalo",
            "version": "3.61-0.10"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:buffalo:ts5600d1206_firmware:3.61-0.10:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:buffalo:ts5600d1206:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          }
        ]
      },
      "cve": "CVE-2018-13321",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-13321",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-00678",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.0,
                "id": "VHN-123369",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-13321",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "Low",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-13321",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-00678",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201811-727",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-123369",
                "trust": 0.1,
                "value": "MEDIUM"
              },
              {
                "author": "VULMON",
                "id": "CVE-2018-13321",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-13321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the \"method\" parameter. Buffalo TS5600D1206 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-13321"
          }
        ],
        "trust": 2.34
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-13321",
            "trust": 3.2
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-13321",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-13321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "id": "VAR-201811-0134",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          }
        ],
        "trust": 1.325
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:08:16.013000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Replacement Hard Drives for TeraStation 3000 and 5000 Series",
            "trust": 0.8,
            "url": "https://www.buffalotech.com/products/replacement-hard-drives-for-terastation-3000-and-5000-series"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-732",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-284",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.6,
            "url": "https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-13321"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13321"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/732.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-13321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "db": "VULMON",
            "id": "CVE-2018-13321"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "date": "2018-11-26T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "date": "2018-11-26T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-13321"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "date": "2018-11-26T23:29:00.657000",
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "date": "2018-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-01-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-00678"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULHUB",
            "id": "VHN-123369"
          },
          {
            "date": "2019-10-03T00:00:00",
            "db": "VULMON",
            "id": "CVE-2018-13321"
          },
          {
            "date": "2019-02-07T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          },
          {
            "date": "2019-10-03T00:03:26.223000",
            "db": "NVD",
            "id": "CVE-2018-13321"
          },
          {
            "date": "2019-10-23T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Buffalo TS5600D1206 Access control vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-012805"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "access control error",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201811-727"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201105-0127

    Vulnerability from variot - Updated: 2023-12-18 12:58

    Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. Successful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator's authentication request to modify settings, such as changing the login password

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201105-0127",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "wzr-g144nh",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "1.47"
          },
          {
            "model": "fs-g54",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "2.07"
          },
          {
            "model": "wzr-g144nh",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "buffalotech",
            "version": "1.45"
          },
          {
            "model": "wer-ag54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.04"
          },
          {
            "model": "whr-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.42"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.02"
          },
          {
            "model": "wzr-ampg300nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "wer-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-hp-g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.46"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "2.46"
          },
          {
            "model": "fs-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.40"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.12"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.20"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.13"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.38"
          },
          {
            "model": "whr-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.40"
          },
          {
            "model": "wzr-g144n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.46"
          },
          {
            "model": "whr-g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-hp-g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.38"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "wzr-ampg144nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.48"
          },
          {
            "model": "wer-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.13"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.11"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.30"
          },
          {
            "model": "wzr2-g300n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.50"
          },
          {
            "model": "whr-g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.46"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.00"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "2.32"
          },
          {
            "model": "wzr-g144n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "as-100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.12"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.40"
          },
          {
            "model": "wzr-g144n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.45"
          },
          {
            "model": "wzr2-g300n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.38"
          },
          {
            "model": "wer-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.12"
          },
          {
            "model": "wzr-ampg300nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.48"
          },
          {
            "model": "wer-ag54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "2.31"
          },
          {
            "model": "wzr-ampg144nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.47"
          },
          {
            "model": "wer-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.12"
          },
          {
            "model": "wzr-g144n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.47"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.12"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.32"
          },
          {
            "model": "whr-ampg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.46"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.42"
          },
          {
            "model": "wer-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.14"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.23"
          },
          {
            "model": "wzr-g144nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "wer-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.14"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.01"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.00"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.20"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.21"
          },
          {
            "model": "whr-hp-ampg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.32"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.31"
          },
          {
            "model": "wzr2-g300n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.48"
          },
          {
            "model": "wer-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.11"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.04"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.03"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.32"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.10"
          },
          {
            "model": "wer-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.11"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.30"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.11"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.33"
          },
          {
            "model": "whr-ampg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-hp-ampg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.20"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.31"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.02"
          },
          {
            "model": "whr-am54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.30"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "2.48"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.04"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.42"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.23"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.33"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.10"
          },
          {
            "model": "wer-a54g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.01"
          },
          {
            "model": "whr-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.42"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.21"
          },
          {
            "model": "wzr-g144nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.48"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.40"
          },
          {
            "model": "wer-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "whr-g54s",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.20"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.03"
          },
          {
            "model": "wer-ag54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.12"
          },
          {
            "model": "whr-hp-g54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.38"
          },
          {
            "model": "bbr-4mg",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.10"
          },
          {
            "model": "wzr-ampg144nh",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "*"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "2.33"
          },
          {
            "model": "bhr-4rv",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "2.42"
          },
          {
            "model": "whr-amg54",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "buffalotech",
            "version": "1.31"
          },
          {
            "model": "bbr-4hg",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "buffalo",
            "version": "and other routers"
          },
          {
            "model": "bhr-4rv",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "whr-g",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "whr-hp-g",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "whr-ampg",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "fs-g54",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "as-100",
            "scope": null,
            "trust": 0.6,
            "vendor": "buffalotech",
            "version": null
          },
          {
            "model": "technology wireless broadband router wbrg54",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.11"
          },
          {
            "model": "technology whr-g54s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.2"
          },
          {
            "model": "technology wireless-n nfiniti wzr-hp-g300nh",
            "scope": null,
            "trust": 0.3,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "technology wireless-n nfiniti whr-g300n",
            "scope": null,
            "trust": 0.3,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "technology wireless-n nfiniti whr-g300u",
            "scope": null,
            "trust": 0.3,
            "vendor": "buffalo",
            "version": null
          },
          {
            "model": "technology wireless broadband router wbrg54",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.13"
          },
          {
            "model": "technology airstation whr-g54s",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "buffalo",
            "version": "1.2"
          },
          {
            "model": "technology wireless-n nfiniti whr-hp-g300n",
            "scope": null,
            "trust": 0.3,
            "vendor": "buffalo",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "47893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.10:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.30:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-amg54_firmware:1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-amg54_firmware:1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-amg54_firmware:1.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.01:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.32:prebeta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g_firmware:1.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g_firmware:1.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wer-ag54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wer-am54g54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-amg54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-ampg_firmware:1.32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.46:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.00:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.01:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-ampg_firmware:1.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.11:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.31:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.47:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wzr-ampg144nh:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wer-a54g54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-am54g54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-hp-ampg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:bbr-4hg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.21:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:fs-g54_firmware:2.07:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:as-100:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:fs-g54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:bhr-4rv:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.47:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.45:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-ag54_firmware:1.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.02:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.11:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.33:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.33:prebeta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.46:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.10:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.33:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-ampg144nh_firmware:1.48:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wer-amg54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wzr2-g300n:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:bbr-4mg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-g54s:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144nh_firmware:1.47:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-ampg:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.13:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.12:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-am54g54_firmware:1.12:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-ag54_firmware:1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wer-a54g54_firmware:1.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.04:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.12:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.20:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4hg_firmware:1.32:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-amg54_firmware:1.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.40:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-am54g54_firmware:1.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bhr-4rv_firmware:2.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.04:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.32:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:bbr-4mg_firmware:1.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-ampg300nh_firmware:1.48:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr2-g300n_firmware:1.50:beta:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wzr-g144n:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wzr-ampg300nh:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:wzr-g144nh:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-hp-g54:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.20:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-g54s_firmware:1.23:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:whr-hp-g54_firmware:1.42:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:buffalotech:wzr-g144n_firmware:1.45:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-hp-g:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:buffalotech:whr-g:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hirotaka Katagiri",
        "sources": [
          {
            "db": "BID",
            "id": "47893"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2011-1324",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "High",
                "accessVector": "Network",
                "authentication": "None",
                "author": "IPA",
                "availabilityImpact": "Partial",
                "baseScore": 4.0,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "JVNDB-2011-000025",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-49269",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2011-1324",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2011-000025",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201105-115",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-49269",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Multiple routers provided by Buffalo contain a cross-site request forgery vulnerability. Multiple routers provided by Buffalo have a management screen that allows users to modify settings. These routers contain a cross-site request forgery vulnerability due to an issue in the management screen. Hirotaka Katagiri reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, settings such as the login password may be altered. \nSuccessful exploits can result in privileged commands running on the affected devices, including enabling remote access to the web administration interface. This may lead to further network-based attacks. A remote attacker can exploit this vulnerability to hijack the administrator\u0027s authentication request to modify settings, such as changing the login password",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "BID",
            "id": "47893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          }
        ],
        "trust": 1.98
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2011-1324",
            "trust": 2.8
          },
          {
            "db": "JVN",
            "id": "JVN50505257",
            "trust": 2.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115",
            "trust": 0.7
          },
          {
            "db": "JVN",
            "id": "JVN#50505257",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "47893",
            "trust": 0.4
          },
          {
            "db": "VULHUB",
            "id": "VHN-49269",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "db": "BID",
            "id": "47893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "id": "VAR-201105-0127",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          }
        ],
        "trust": 0.6615079433333333
      },
      "last_update_date": "2023-12-18T12:58:24.406000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Multiple routers vulnerable to cross-site request forgery",
            "trust": 0.8,
            "url": "http://buffalo.jp/support_s/20080808/csrf.html"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.0,
            "url": "http://jvn.jp/en/jp/jvn50505257/index.html"
          },
          {
            "trust": 1.7,
            "url": "http://buffalo.jp/support_s/20080808/csrf.html"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1324"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/en/jp/jvn50505257"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-1324"
          },
          {
            "trust": 0.3,
            "url": "http://www.buffalotech.com/products/wireless/wireless-n-routers-access-points/"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "db": "BID",
            "id": "47893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "db": "BID",
            "id": "47893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-05-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "date": "2011-05-17T00:00:00",
            "db": "BID",
            "id": "47893"
          },
          {
            "date": "2011-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "date": "2011-05-09T19:55:03.507000",
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "date": "2011-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2011-05-27T00:00:00",
            "db": "VULHUB",
            "id": "VHN-49269"
          },
          {
            "date": "2011-05-17T00:00:00",
            "db": "BID",
            "id": "47893"
          },
          {
            "date": "2011-05-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          },
          {
            "date": "2011-05-27T04:00:00",
            "db": "NVD",
            "id": "CVE-2011-1324"
          },
          {
            "date": "2011-05-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple Buffalo routers vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2011-000025"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201105-115"
          }
        ],
        "trust": 0.6
      }
    }