CSRF Vulnerability in Buffalo WNC01WH Devices
CVE-2016-7822

8.8HIGH

Key Information:

Vendor

Buffalo Inc.

Status
Wnc01wh
Vendor
CVE Published:
9 June 2017

What is CVE-2016-7822?

A cross-site request forgery (CSRF) vulnerability exists in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier. This vulnerability allows remote attackers to exploit the authentication session of a logged-in user, potentially leading to unauthorized actions being performed without the user's consent. Unsuspecting users who are tricked into navigating to a malicious site can inadvertently trigger requests that the device accepts as legitimate, enabling attackers to manipulate device settings or perform other unintended operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

WNC01WH firmware version 1.0.0.8 and earlier

References

https://jvn.jp/en/jp/JVN40613060/index.html
third-party-advisoryx_refsource_JVN
http://buffalo.jp/support_s/s20161201.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94648
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.