Sign-up

ID

VAR-201705-4200


TITLE

Buffalo routing product has a universal cookie forgery login vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-04232

DESCRIPTION

Buffalo is a router made by an American company. The Buffalo routing product has a general cookie forgery login vulnerability. An attacker can use the vulnerability to modify the cookie information, bypass login authentication and log in to the WEB console to obtain router control permissions.

Trust: 0.6

sources: CNVD: CNVD-2017-04232

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04232

AFFECTED PRODUCTS

vendor:buffalomodel:routerscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-04232

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2017-04232
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2017-04232
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2017-04232

PATCH

title:Buffalo routing product has a universal cookie forgery login vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/91582

Trust: 0.6

sources: CNVD: CNVD-2017-04232

EXTERNAL IDS

db:CNVDid:CNVD-2017-04232

Trust: 0.6

sources: CNVD: CNVD-2017-04232

SOURCES

db:CNVDid:CNVD-2017-04232

LAST UPDATE DATE

2022-05-04T09:17:31.900000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-04232date:2017-04-17T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-04232date:2017-05-20T00:00:00