ID
VAR-200805-0397
TITLE
Buffalo router configuration management interface vulnerable to remote access and password leakage
Trust: 0.8
DESCRIPTION
Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges. By accessing the management interface, a remote attacker could also obtain user's account and password information of the ISP using the save settings function.Configurations could be changed by the remote attacker. As the save configuration stores user's account and password information of ISPs in plain-text format, a remote attacker could steal such information and impersonate a user to gain illegal access.
Trust: 0.8
AFFECTED PRODUCTS
| vendor: | buffalo | model: | bbr-4hg | scope: | lte | version: | firmware version 1.04 | Trust: 0.8 |
| vendor: | buffalo | model: | bbr-4mg | scope: | lte | version: | firmware version 1.04 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
CONFIGURATIONS
PATCH
| title: | BBR-4HG FarmWare | url: | http://buffalo.jp/download/driver/lan/bbr4hg.html | Trust: 0.8 |
| title: | BBR-4MG FarmWare | url: | http://buffalo.jp/download/driver/lan/bbr4mg.html | Trust: 0.8 |
EXTERNAL IDS
| db: | JVN | id: | JVN55023557 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2005-000765 | Trust: 0.8 |
REFERENCES
| url: | http://jvn.jp/en/jp/jvn55023557/index.html | Trust: 0.8 |
SOURCES
| db: | JVNDB | id: | JVNDB-2005-000765 |
LAST UPDATE DATE
2022-05-17T02:01:30.868000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2005-000765 | date: | 2008-05-21T00:00:00 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2005-000765 | date: | 2008-05-21T00:00:00 |