ID

VAR-201706-0070


CVE

CVE-2016-7826


TITLE

WNC01WH vulnerable to directory traversal due to an issue in processing POST request

Trust: 0.8

sources: JVNDB: JVNDB-2016-000241

DESCRIPTION

Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.

WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing POST requests. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may delete arbitrary files on the product.

Buffalo WNC01WH camera is prone to the following security vulnerabilities:

1. A denial-of-service vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities

An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable.

Buffalo WNC01WH is a network camera of Japan Buffalo Group.

Trust: 1.98

sources: NVD: CVE-2016-7826 // JVNDB: JVNDB-2016-000241 // BID: 94648 // VULHUB: VHN-96646

AFFECTED PRODUCTS

vendor: buffalotech, model: wnc01wh, scope: lte, version: 1.0.0.8

Trust: 1.0

vendor: buffalo, model: wnc01wh, scope: lte, version: version 1.0.0.8

Trust: 0.8

vendor: buffalotech, model: wnc01wh, scope: eq, version: 1.0.0.8

Trust: 0.6

vendor: buffalo, model: wnc01wh, scope: eq, version: 1.0.0.8

Trust: 0.3

vendor: buffalo, model: wnc01wh, scope: eq, version: 1.0.0.5

Trust: 0.3

vendor: buffalo, model: wnc01wh, scope: eq, version: 1.0.0.4

Trust: 0.3

vendor: buffalo, model: wnc01wh, scope: ne, version: 1.0.0.9

Trust: 0.3

sources: BID: 94648 // JVNDB: JVNDB-2016-000241 // CNNVD: CNNVD-201612-091 // NVD: CVE-2016-7826

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7826
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000241
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-091
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96646
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7826
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000241
severity: MEDIUM
baseScore: 6.2
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-96646
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7826
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000241
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-96646 // JVNDB: JVNDB-2016-000241 // CNNVD: CNNVD-201612-091 // NVD: CVE-2016-7826

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-96646 // JVNDB: JVNDB-2016-000241 // NVD: CVE-2016-7826

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-091

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201612-091

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000241

PATCH

title: BUFFALO INC. website, url: http://buffalo.jp/support_s/s20161201.html

Trust: 0.8

title: Buffalo WNC01WH Fixes for directory traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66142

Trust: 0.6

sources: JVNDB: JVNDB-2016-000241 // CNNVD: CNNVD-201612-091

EXTERNAL IDS

db: NVD, id: CVE-2016-7826

Trust: 2.8

db: JVN, id: JVN40613060

Trust: 2.8

db: BID, id: 94648

Trust: 2.0

db: JVNDB, id: JVNDB-2016-000241

Trust: 0.8

db: CNNVD, id: CNNVD-201612-091

Trust: 0.7

db: VULHUB, id: VHN-96646

Trust: 0.1

sources: VULHUB: VHN-96646 // BID: 94648 // JVNDB: JVNDB-2016-000241 // CNNVD: CNNVD-201612-091 // NVD: CVE-2016-7826

REFERENCES

url:https://jvn.jp/en/jp/jvn40613060/index.html

Trust: 2.5

url:http://www.securityfocus.com/bid/94648

Trust: 1.7

url:http://buffalo.jp/support_s/s20161201.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7826

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-7826

Trust: 0.8

url:http://buffalo.jp/

Trust: 0.3

url:http://jvn.jp/en/jp/jvn40613060/index.html

Trust: 0.3

url:http://buffalo.jp/support_s/s20161201.html

Trust: 0.3

sources: VULHUB: VHN-96646 // BID: 94648 // JVNDB: JVNDB-2016-000241 // CNNVD: CNNVD-201612-091 // NVD: CVE-2016-7826

CREDITS

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions

Trust: 0.9

sources: BID: 94648 // CNNVD: CNNVD-201612-091

SOURCES

db: VULHUB, id: VHN-96646
db: BID, id: 94648
db: JVNDB, id: JVNDB-2016-000241
db: CNNVD, id: CNNVD-201612-091
db: NVD, id: CVE-2016-7826

LAST UPDATE DATE

2025-04-20T23:16:08.489000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96646, date: 2017-06-14T00:00:00
db: BID, id: 94648, date: 2016-12-20T02:05:00
db: JVNDB, id: JVNDB-2016-000241, date: 2017-11-27T00:00:00
db: CNNVD, id: CNNVD-201612-091, date: 2017-06-12T00:00:00
db: NVD, id: CVE-2016-7826, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96646, date: 2017-06-09T00:00:00
db: BID, id: 94648, date: 2016-12-02T00:00:00
db: JVNDB, id: JVNDB-2016-000241, date: 2016-12-02T00:00:00
db: CNNVD, id: CNNVD-201612-091, date: 2016-12-06T00:00:00
db: NVD, id: CVE-2016-7826, date: 2017-06-09T16:29:01.047