Summary
Detail | |||
---|---|---|---|
Vendor | Buffalotech | First view | 2017-06-09 |
Product | wnc01wh Firmware | Last view | 2017-06-09 |
Version | 1.0.0.8 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:buffalotech:wnc01wh_firmware |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.5 | 2017-06-09 | CVE-2016-7826 | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. |
6.5 | 2017-06-09 | CVE-2016-7825 | Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands. |
8.8 | 2017-06-09 | CVE-2016-7824 | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. |
4.3 | 2017-06-09 | CVE-2016-7823 | Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. |
8.8 | 2017-06-09 | CVE-2016-7822 | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors. |
6.5 | 2017-06-09 | CVE-2016-7821 | Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
33% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
16% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
16% (1) | CWE-284 | Access Control (Authorization) Issues |
16% (1) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
16% (1) | CWE-20 | Improper Input Validation |