Cross-Site Scripting Vulnerability in Buffalo WNC01WH Devices
CVE-2016-7823

4.3MEDIUM

Key Information:

Vendor

Buffalo Inc.

Status
Wnc01wh
Vendor
CVE Published:
9 June 2017

What is CVE-2016-7823?

Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier are vulnerable to a cross-site scripting attack. This vulnerability allows authenticated attackers to exploit the system by injecting arbitrary web scripts or HTML through unspecified vectors, potentially compromising the integrity of the web interface and leading to unauthorized actions or data access.

Affected Version(s)

WNC01WH firmware version 1.0.0.8 and earlier

References

https://jvn.jp/en/jp/JVN40613060/index.html
third-party-advisoryx_refsource_JVN
http://buffalo.jp/support_s/s20161201.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/94648
vdb-entryx_refsource_BID

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.