This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Buffalotech First view 2017-06-09
Product wnc01wh Firmware Last view 2017-06-09
Version 1.0.0.8 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:buffalotech:wnc01wh_firmware

Activity : Overall

Related : CVE

  Date Alert Description
6.5 2017-06-09 CVE-2016-7826

Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.

6.5 2017-06-09 CVE-2016-7825

Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.

8.8 2017-06-09 CVE-2016-7824

Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.

4.3 2017-06-09 CVE-2016-7823

Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

8.8 2017-06-09 CVE-2016-7822

Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.

6.5 2017-06-09 CVE-2016-7821

Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.

CWE : Common Weakness Enumeration

%idName
33% (2) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
16% (1) CWE-352 Cross-Site Request Forgery (CSRF)
16% (1) CWE-284 Access Control (Authorization) Issues
16% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (1) CWE-20 Improper Input Validation