CVE-2016-7822 - OpenCVE

Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Buffalotech	Wnc01wh Wnc01wh Firmware

Configuration 1 [-]

AND

cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://buffalo.jp/support_s/s20161201.html
http://www.securityfocus.com/bid/94648
https://jvn.jp/en/jp/JVN40613060/index.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2017-06-09T16:00:00

Updated: 2024-08-06T02:04:56.103Z

Reserved: 2016-09-09T00:00:00

Link: CVE-2016-7822

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-06-09T16:29:00.937

Modified: 2017-06-15T13:21:21.387

Link: CVE-2016-7822

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WNC01WH", "vendor": "BUFFALO INC.", "versions": [{"status": "affected", "version": "firmware version 1.0.0.8 and earlier"}]}], "datePublic": "2016-12-02T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "Cross-site request forgery", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-06-12T09:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVN#40613060", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN40613060/index.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://buffalo.jp/support_s/s20161201.html"}, {"name": "94648", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/94648"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2016-7822", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WNC01WH", "version": {"version_data": [{"version_value": "firmware version 1.0.0.8 and earlier"}]}}]}, "vendor_name": "BUFFALO INC."}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-site request forgery"}]}]}, "references": {"reference_data": [{"name": "JVN#40613060", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN40613060/index.html"}, {"name": "http://buffalo.jp/support_s/s20161201.html", "refsource": "CONFIRM", "url": "http://buffalo.jp/support_s/s20161201.html"}, {"name": "94648", "refsource": "BID", "url": "http://www.securityfocus.com/bid/94648"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T02:04:56.103Z"}, "title": "CVE Program Container", "references": [{"name": "JVN#40613060", "tags": ["third-party-advisory", "x_refsource_JVN", "x_transferred"], "url": "https://jvn.jp/en/jp/JVN40613060/index.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://buffalo.jp/support_s/s20161201.html"}, {"name": "94648", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/94648"}]}]}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2016-7822", "datePublished": "2017-06-09T16:00:00", "dateReserved": "2016-09-09T00:00:00", "dateUpdated": "2024-08-06T02:04:56.103Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:buffalotech:wnc01wh_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "68804DC0-3EDC-4777-92B9-33A9CC22C652", "versionEndIncluding": "1.0.0.8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:buffalotech:wnc01wh:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D4DDFBA-C88C-4957-82CE-90DEA0FE7CA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors."}, {"lang": "es", "value": "La vulnerabilidad de falsificaci\u00f3n de peticiones en sitios cruzados(CSRF) en los dispositivos Buffalo WNC01WH con la versi\u00f3n de firmware 1.0.0.8 y anteriores permite a los atacantes remotos secuestrar la autenticaci\u00f3n de un usuario conectado para realizar operaciones no deseadas a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-7822", "lastModified": "2017-06-15T13:21:21.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-09T16:29:00.937", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://buffalo.jp/support_s/s20161201.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/94648"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://jvn.jp/en/jp/JVN40613060/index.html"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}