ID

VAR-201606-0174


CVE

CVE-2016-4815


TITLE

Multiple Buffalo wireless LAN routers vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2016-000086

DESCRIPTION

Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability (CWE-22). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Arbitrary files on the server may be viewed by an attacker who can access the product. An attacker could exploit this vulnerability to read any file on the server. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. The following versions are affected: WZR-S600DHP firmware version 2.16 and prior. WZR-600DHP3 firmware version 2.16 and prior.

Trust: 2.52

sources: NVD: CVE-2016-4815 // JVNDB: JVNDB-2016-000086 // CNVD: CNVD-2016-03693 // BID: 90903 // VULHUB: VHN-93634

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-03693

AFFECTED PRODUCTS

vendor: buffalo, model: wzr-600dhp3, scope: lte, version: 2.16

Trust: 1.0

vendor: buffalo, model: wzr-s900dhp, scope: lte, version: 2.16

Trust: 1.0

vendor: buffalo, model: wzr-900dhp, scope: lte, version: 1.11

Trust: 1.0

vendor: buffalo, model: wzr-600dhp2, scope: lte, version: 1.13

Trust: 1.0

vendor: buffalo, model: wzr-900dhp2, scope: lte, version: 2.16

Trust: 1.0

vendor: buffalo, model: wzr-s600dhp, scope: lte, version: 2.16

Trust: 1.0

vendor: buffalo, model: wzr-600dhp3, scope: lte, version: ver.2.16

Trust: 0.8

vendor: buffalo, model: wzr-s600dhp, scope: lte, version: ver.2.16

Trust: 0.8

vendor: buffalo, model: wzr-600dhp3 <=ver.2.16, scope: -, version: -

Trust: 0.6

vendor: buffalo, model: wzr-s600dhp <=ver.2.16, scope: -, version: -

Trust: 0.6

vendor: buffalo, model: wzr-900dhp, scope: eq, version: -

Trust: 0.6

vendor: buffalo, model: wzr-s600dhp, scope: eq, version: -

Trust: 0.6

vendor: buffalo, model: wzr-600dhp3, scope: eq, version: -

Trust: 0.6

vendor: buffalo, model: wzr-900dhp2, scope: eq, version: -

Trust: 0.6

vendor: buffalo, model: wzr-600dhp2, scope: eq, version: -

Trust: 0.6

vendor: buffalo, model: wzr-s900dhp, scope: eq, version: -

Trust: 0.6

sources: CNVD: CNVD-2016-03693 // JVNDB: JVNDB-2016-000086 // CNNVD: CNNVD-201605-675 // NVD: CVE-2016-4815

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4815
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000086
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-03693
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201605-675
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93634
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4815
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000086
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-03693
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-93634
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4815
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000086
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-03693 // VULHUB: VHN-93634 // JVNDB: JVNDB-2016-000086 // CNNVD: CNNVD-201605-675 // NVD: CVE-2016-4815

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-93634 // JVNDB: JVNDB-2016-000086 // NVD: CVE-2016-4815

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-675

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201605-675

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000086

PATCH

title: BUFFALO INC. website, url: http://buffalo.jp/support_s/s20160527b.html

Trust: 0.8

title: BuffaloWZR-S600DHP and WZR-600DHP3 Directory Traversal Vulnerability Patch, url: https://www.cnvd.org.cn/patchInfo/show/76686

Trust: 0.6

title: Buffalo WZR-S600DHP and WZR-600DHP3 Fixes for directory traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61985

Trust: 0.6

sources: CNVD: CNVD-2016-03693 // JVNDB: JVNDB-2016-000086 // CNNVD: CNNVD-201605-675

EXTERNAL IDS

db: NVD, id: CVE-2016-4815

Trust: 3.4

db: JVNDB, id: JVNDB-2016-000086

Trust: 3.1

db: JVN, id: JVN81698369

Trust: 3.1

db: CNNVD, id: CNNVD-201605-675

Trust: 0.7

db: CNVD, id: CNVD-2016-03693

Trust: 0.6

db: BID, id: 90903

Trust: 0.4

db: VULHUB, id: VHN-93634

Trust: 0.1

sources: CNVD: CNVD-2016-03693 // VULHUB: VHN-93634 // BID: 90903 // JVNDB: JVNDB-2016-000086 // CNNVD: CNNVD-201605-675 // NVD: CVE-2016-4815

REFERENCES

url:http://jvn.jp/en/jp/jvn81698369/index.html

Trust: 3.1

url:http://jvndb.jvn.jp/jvndb/jvndb-2016-000086

Trust: 2.3

url:http://buffalo.jp/support_s/s20160527b.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4815

Trust: 0.8

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4815

Trust: 0.8

sources: CNVD: CNVD-2016-03693 // VULHUB: VHN-93634 // JVNDB: JVNDB-2016-000086 // CNNVD: CNNVD-201605-675 // NVD: CVE-2016-4815

CREDITS

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.

Trust: 0.9

sources: BID: 90903 // CNNVD: CNNVD-201605-675

SOURCES

db: CNVD, id: CNVD-2016-03693
db: VULHUB, id: VHN-93634
db: BID, id: 90903
db: JVNDB, id: JVNDB-2016-000086
db: CNNVD, id: CNNVD-201605-675
db: NVD, id: CVE-2016-4815

LAST UPDATE DATE

2025-04-13T23:09:34.964000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-03693, date: 2016-05-31T00:00:00
db: VULHUB, id: VHN-93634, date: 2016-06-21T00:00:00
db: BID, id: 90903, date: 2016-05-27T00:00:00
db: JVNDB, id: JVNDB-2016-000086, date: 2016-06-27T00:00:00
db: CNNVD, id: CNNVD-201605-675, date: 2016-06-20T00:00:00
db: NVD, id: CVE-2016-4815, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-03693, date: 2016-05-31T00:00:00
db: VULHUB, id: VHN-93634, date: 2016-06-19T00:00:00
db: BID, id: 90903, date: 2016-05-27T00:00:00
db: JVNDB, id: JVNDB-2016-000086, date: 2016-05-27T00:00:00
db: CNNVD, id: CNNVD-201605-675, date: 2016-05-27T00:00:00
db: NVD, id: CVE-2016-4815, date: 2016-06-19T01:59:10.030