var-201706-0070
Vulnerability from variot
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may delete arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. A cross-site request forgery vulnerability 3. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wnc01wh",
"scope": "lte",
"trust": 1.0,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "lte",
"trust": 0.8,
"vendor": "buffalo",
"version": "version 1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.6,
"vendor": "buffalotech",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.8"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.5"
},
{
"model": "wnc01wh",
"scope": "eq",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.4"
},
{
"model": "wnc01wh",
"scope": "ne",
"trust": 0.3,
"vendor": "buffalo",
"version": "1.0.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:buffalo_inc:wnc01wh_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Toshitsugu Yoneyama of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94648"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7826",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-7826",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 6.2,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000241",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-96646",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-7826",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000241",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-7826",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000241",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201612-091",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96646",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST request. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may delete arbitrary files on the product. Buffalo WNC01WH camera is prone to the following security vulnerabilities:\n1. A denial-of-service vulnerability\n2. A cross-site request forgery vulnerability\n3. An HTML-injection vulnerability\n4. A security bypass vulnerability\n5. Multiple directory-traversal vulnerabilities\nAn attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. \nBuffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7826"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "VULHUB",
"id": "VHN-96646"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7826",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN40613060",
"trust": 2.8
},
{
"db": "BID",
"id": "94648",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96646",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"id": "VAR-201706-0070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
}
],
"trust": 0.6833333
},
"last_update_date": "2024-11-23T22:17:56.112000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BUFFALO INC. website",
"trust": 0.8,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"title": "Buffalo WNC01WH Fixes for directory traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66142"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn40613060/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94648"
},
{
"trust": 1.7,
"url": "http://buffalo.jp/support_s/s20161201.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7826"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7826"
},
{
"trust": 0.3,
"url": "http://buffalo.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn40613060/index.html "
},
{
"trust": 0.3,
"url": "http://buffalo.jp/support_s/s20161201.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96646"
},
{
"db": "BID",
"id": "94648"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96646"
},
{
"date": "2016-12-02T00:00:00",
"db": "BID",
"id": "94648"
},
{
"date": "2016-12-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"date": "2016-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"date": "2017-06-09T16:29:01.047000",
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-96646"
},
{
"date": "2016-12-20T02:05:00",
"db": "BID",
"id": "94648"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000241"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201612-091"
},
{
"date": "2024-11-21T02:58:33.160000",
"db": "NVD",
"id": "CVE-2016-7826"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WNC01WH vulnerable to directory traversal due to an issue in processing POST request",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000241"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201612-091"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…