Buffalo WNC01WH JVN#40613060 Multiple Security Vulnerabilities
BID:94648
CVE-2016-7821 | CVE-2016-7822 | CVE-2016-7823 | CVE-2016-7824 | CVE-2016-7825 | CVE-2016-7826
Bugtraq ID: 94648
Class: Input Validation Error
CVE: CVE-2016-7821, CVE-2016-7822, CVE-2016-7823, CVE-2016-7824, CVE-2016-7825, CVE-2016-7826
Remote: Yes
Local: No
Published: Dec 02 2016 12:00AM
Updated: Dec 20 2016 02:05AM
Credit: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions
Vulnerable:
- BUFFALO INC. WNC01WH 1.0.0.8
- BUFFALO INC. WNC01WH 1.0.0.5
- BUFFALO INC. WNC01WH 1.0.0.4
Not Vulnerable:
- BUFFALO INC. WNC01WH 1.0.0.9
Discussion
The Buffalo WNC01WH camera is prone to the following security vulnerabilities:
1. A denial-of-service vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities
An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, or gain access to sensitive information.
Buffalo WNC01WH firmware versions 1.0.0.8 and prior are vulnerable.
Exploit / POC
Attackers can exploit this issue using a browser or readily available tools.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Buffalo Inc. Homepage (Buffalo)
- JVN#40613060 Multiple vulnerabilities in WNC01WH (JPCERT)
- Multiple vulnerabilities on the network camera WNC01WH (BUFFALO INC.)