Details of VAR-201606-0175

ID

VAR-201606-0175

CVE

CVE-2016-4816

TITLE

Multiple Buffalo wireless LAN routers vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2016-000087

DESCRIPTION

BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. Multiple Buffalo wireless LAN routers contain an information disclosure vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an unauthenticated remote attacker. The Buffalo WZR-600DHP3 and WZR-S600DHP are both wireless router products of the Buffalo Group in Japan. A remote attacker can exploit this vulnerability to obtain sensitive information

Trust: 2.52

sources: NVD: CVE-2016-4816 // JVNDB: JVNDB-2016-000087 // CNVD: CNVD-2016-03694 // BID: 90905 // VULHUB: VHN-93635

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-03694

AFFECTED PRODUCTS

vendor:	buffalo	model:	wapm-apg300n	scope:	lte	version:	2.62	Trust: 1.0
vendor:	buffalo	model:	wzr-600dhp3	scope:	lte	version:	2.16	Trust: 1.0
vendor:	buffalo	model:	wzr-1750dhp	scope:	lte	version:	2.28	Trust: 1.0
vendor:	buffalo	model:	wzr-600dhp	scope:	eq	version:	1.97	Trust: 1.0
vendor:	buffalo	model:	bhr-4grv	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	whr-300	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	fs-600dhp	scope:	lte	version:	3.34	Trust: 1.0
vendor:	buffalo	model:	wzr-300hp	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	wzr-1166dhp	scope:	lte	version:	2.13	Trust: 1.0
vendor:	buffalo	model:	wcr-300	scope:	lte	version:	1.86	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g301nh	scope:	lte	version:	1.81	Trust: 1.0
vendor:	buffalo	model:	wzr-450hp	scope:	lte	version:	1.97	Trust: 1.0
vendor:	buffalo	model:	wzr-s900dhp	scope:	lte	version:	2.16	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-ag300h	scope:	lte	version:	1.73	Trust: 1.0
vendor:	buffalo	model:	wzr-900dhp2	scope:	lte	version:	2.16	Trust: 1.0
vendor:	buffalo	model:	wzr-450hp-cwt	scope:	lte	version:	1.92	Trust: 1.0
vendor:	buffalo	model:	wxr-1900dhp	scope:	lte	version:	2.34	Trust: 1.0
vendor:	buffalo	model:	wzr-450hp-ub	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g450h	scope:	lte	version:	1.87	Trust: 1.0
vendor:	buffalo	model:	wapm-ag300n	scope:	lte	version:	2.62	Trust: 1.0
vendor:	buffalo	model:	wzr-s1750dhp	scope:	lte	version:	2.28	Trust: 1.0
vendor:	buffalo	model:	wzr-d1100h	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	wzr-s600dhp	scope:	lte	version:	2.16	Trust: 1.0
vendor:	buffalo	model:	dwr-hp-g300nh	scope:	lte	version:	1.81	Trust: 1.0
vendor:	buffalo	model:	wpl-05g300	scope:	lte	version:	1.86	Trust: 1.0
vendor:	buffalo	model:	whr-300hp	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	wzr-1750dhp2	scope:	lte	version:	2.28	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g302h	scope:	lte	version:	1.83	Trust: 1.0
vendor:	buffalo	model:	wzr-900dhp	scope:	lte	version:	1.11	Trust: 1.0
vendor:	buffalo	model:	wxr-1750dhp	scope:	lte	version:	2.42	Trust: 1.0
vendor:	buffalo	model:	wzr-900dhp2	scope:	lte	version:	1.13	Trust: 1.0
vendor:	buffalo	model:	whr-hp-g300n	scope:	lte	version:	1.96	Trust: 1.0
vendor:	buffalo	model:	wzr-1166dhp2	scope:	lte	version:	2.13	Trust: 1.0
vendor:	buffalo	model:	wzr-hp-g300nh	scope:	lte	version:	1.81	Trust: 1.0
vendor:	buffalo	model:	hw-450hp-zwe	scope:	lte	version:	1.91	Trust: 1.0
vendor:	buffalo	model:	wzr-600dhp3	scope:	lte	version:	ver.2.16	Trust: 0.8
vendor:	buffalo	model:	wzr-s600dhp	scope:	lte	version:	ver.2.16	Trust: 0.8
vendor:	buffalo	model:	wzr-600dhp3 <=ver.2.16	scope:	-	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-s600dhp <=ver.2.16	scope:	-	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-600dhp	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-450hp	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-hp-g301nh	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-600dhp3	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wxr-1750dhp	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-450hp-cwt	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	hw-450hp-zwe	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-900dhp2	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wcr-300	scope:	eq	version:	-	Trust: 0.6
vendor:	buffalo	model:	wzr-hp-g450h	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-03694 // JVNDB: JVNDB-2016-000087 // CNNVD: CNNVD-201605-674 // NVD: CVE-2016-4816

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4816
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2016-000087
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-03694
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201605-674
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-93635
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-4816
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2016-000087
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-03694
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-93635
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-4816
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.0
Trust: 1.0
IPA:	JVNDB-2016-000087
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-03694 // VULHUB: VHN-93635 // JVNDB: JVNDB-2016-000087 // CNNVD: CNNVD-201605-674 // NVD: CVE-2016-4816

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-93635 // JVNDB: JVNDB-2016-000087 // NVD: CVE-2016-4816

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201605-674

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201605-674

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000087

PATCH

title:	BUFFALO INC. website	url:	http://buffalo.jp/support_s/s20160527a.html	Trust: 0.8
title:	Patch for BuffaloWZR-600DHP3 and WZR-S600DHP Information Disclosure Vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/76685	Trust: 0.6
title:	Buffalo WZR-600DHP3 and WZR-S600DHP Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61984	Trust: 0.6

sources: CNVD: CNVD-2016-03694 // JVNDB: JVNDB-2016-000087 // CNNVD: CNNVD-201605-674

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4816	Trust: 3.4
db:	JVNDB	id:	JVNDB-2016-000087	Trust: 3.1
db:	JVN	id:	JVN75813272	Trust: 3.1
db:	CNNVD	id:	CNNVD-201605-674	Trust: 0.7
db:	CNVD	id:	CNVD-2016-03694	Trust: 0.6
db:	BID	id:	90905	Trust: 0.4
db:	VULHUB	id:	VHN-93635	Trust: 0.1

sources: CNVD: CNVD-2016-03694 // VULHUB: VHN-93635 // BID: 90905 // JVNDB: JVNDB-2016-000087 // CNNVD: CNNVD-201605-674 // NVD: CVE-2016-4816

REFERENCES

url:	http://jvn.jp/en/jp/jvn75813272/index.html	Trust: 3.1
url:	http://jvndb.jvn.jp/jvndb/jvndb-2016-000087	Trust: 2.3
url:	http://buffalo.jp/support_s/s20160527a.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4816	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4816	Trust: 0.8

sources: CNVD: CNVD-2016-03694 // VULHUB: VHN-93635 // JVNDB: JVNDB-2016-000087 // CNNVD: CNNVD-201605-674 // NVD: CVE-2016-4816

CREDITS

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc.

Trust: 0.9

sources: BID: 90905 // CNNVD: CNNVD-201605-674

SOURCES

db:	CNVD	id:	CNVD-2016-03694
db:	VULHUB	id:	VHN-93635
db:	BID	id:	90905
db:	JVNDB	id:	JVNDB-2016-000087
db:	CNNVD	id:	CNNVD-201605-674
db:	NVD	id:	CVE-2016-4816

LAST UPDATE DATE

2025-04-13T23:29:29.650000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-03694	date:	2016-05-31T00:00:00
db:	VULHUB	id:	VHN-93635	date:	2016-06-21T00:00:00
db:	BID	id:	90905	date:	2016-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-000087	date:	2016-06-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-674	date:	2016-06-20T00:00:00
db:	NVD	id:	CVE-2016-4816	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-03694	date:	2016-05-31T00:00:00
db:	VULHUB	id:	VHN-93635	date:	2016-06-19T00:00:00
db:	BID	id:	90905	date:	2016-05-27T00:00:00
db:	JVNDB	id:	JVNDB-2016-000087	date:	2016-05-27T00:00:00
db:	CNNVD	id:	CNNVD-201605-674	date:	2016-05-27T00:00:00
db:	NVD	id:	CVE-2016-4816	date:	2016-06-19T01:59:11.043