CSRF Vulnerability in Buffalo WNC01WH Devices
CVE-2016-7822

8.8HIGH

Key Information:

Vendor

Buffalo Inc.

Status
Wnc01wh
Vendor
CVE Published:
9 June 2017

What is CVE-2016-7822?

A cross-site request forgery (CSRF) vulnerability exists in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier. This vulnerability allows remote attackers to exploit the authentication session of a logged-in user, potentially leading to unauthorized actions being performed without the user's consent. Unsuspecting users who are tricked into navigating to a malicious site can inadvertently trigger requests that the device accepts as legitimate, enabling attackers to manipulate device settings or perform other unintended operations.

Affected Version(s)

WNC01WH firmware version 1.0.0.8 and earlier

References

https://jvn.jp/en/jp/JVN40613060/index.html
third-party-advisoryx_refsource_JVN
http://buffalo.jp/support_s/s20161201.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94648
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.