Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Buffalotech Subscribe
Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4822 2 Buffalotech, Oracle 2 Airstation Whr-g54s, Database Server 2018-10-15 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter to cgi-bin/cgi, as demonstrated by accessing (1) ap.html and (2) filter_ip.html.
CVE-2006-5175 1 Buffalotech 1 Terastation Hd-htgl Firmware 2017-07-19 7.6 HIGH N/A
Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors.
CVE-2016-7824 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2017-06-15 6.5 MEDIUM 8.8 HIGH
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
CVE-2016-7822 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2017-06-15 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.
CVE-2016-7823 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2017-06-14 2.3 LOW 4.3 MEDIUM
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-7825 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2017-06-14 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
CVE-2016-7821 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2017-06-14 4.3 MEDIUM 6.5 MEDIUM
Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allow remote attackers to cause a denial of service against the management screen via unspecified vectors.
CVE-2016-7826 1 Buffalotech 2 Wnc01wh, Wnc01wh Firmware 2017-06-14 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
CVE-2015-8262 1 Buffalotech 2 Airstation Extreme N600, Airstation Extreme N600 Firmware 2016-11-28 5.0 MEDIUM 6.8 MEDIUM
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
CVE-2016-1134 1 Buffalotech 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more 2016-03-14 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.
CVE-2016-1135 1 Buffalotech 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more 2016-03-11 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9284 1 Buffalotech 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more 2015-06-16 7.7 HIGH N/A
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2011-1324 1 Buffalotech 43 As-100, Bbr-4hg, Bbr-4hg Firmware and 40 more 2011-05-26 5.8 MEDIUM N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password.