Sign-up

ID

VAR-201706-0098


CVE

CVE-2016-7823


TITLE

WNC01WH vulnerable to stored cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-000238

DESCRIPTION

Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the logged-in user's web browser. Buffalo WNC01WH camera is prone to the following security vulnerabilities: 1. A denial-of-service vulnerability 2. An HTML-injection vulnerability 4. A security bypass vulnerability 5. Multiple directory-traversal vulnerabilities An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable. Buffalo WNC01WH is a network camera of Japan Buffalo Group

Trust: 1.98

sources: NVD: CVE-2016-7823 // JVNDB: JVNDB-2016-000238 // BID: 94648 // VULHUB: VHN-96643

AFFECTED PRODUCTS

vendor:buffalotechmodel:wnc01whscope:lteversion:1.0.0.8

Trust: 1.0

vendor:buffalomodel:wnc01whscope:lteversion:version 1.0.0.8

Trust: 0.8

vendor:buffalotechmodel:wnc01whscope:eqversion:1.0.0.8

Trust: 0.6

vendor:buffalomodel:wnc01whscope:eqversion:1.0.0.8

Trust: 0.3

vendor:buffalomodel:wnc01whscope:eqversion:1.0.0.5

Trust: 0.3

vendor:buffalomodel:wnc01whscope:eqversion:1.0.0.4

Trust: 0.3

vendor:buffalomodel:wnc01whscope:neversion:1.0.0.9

Trust: 0.3

sources: BID: 94648 // JVNDB: JVNDB-2016-000238 // CNNVD: CNNVD-201612-088 // NVD: CVE-2016-7823

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7823
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000238
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201612-088
value: LOW

Trust: 0.6

VULHUB: VHN-96643
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2016-7823
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000238
severity: LOW
baseScore: 2.7
vectorString: AV:A/AC:L/AU:S/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-96643
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7823
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 2.7
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000238
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-96643 // JVNDB: JVNDB-2016-000238 // CNNVD: CNNVD-201612-088 // NVD: CVE-2016-7823

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-96643 // JVNDB: JVNDB-2016-000238 // NVD: CVE-2016-7823

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201612-088

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201612-088

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-000238

PATCH
title:BUFFALO INC. websiteurl:http://buffalo.jp/support_s/s20161201.html
Trust: 0.8
title:Buffalo WNC01WH Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66139
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2016-000238 // 
            
            
            
            CNNVD: CNNVD-201612-088

EXTERNAL IDS
db:JVNid:JVN40613060
Trust: 2.8
db:NVDid:CVE-2016-7823
Trust: 2.8
db:BIDid:94648
Trust: 2.0
db:JVNDBid:JVNDB-2016-000238
Trust: 0.8
db:CNNVDid:CNNVD-201612-088
Trust: 0.7
db:VULHUBid:VHN-96643
Trust: 0.1
sources:
            
            
            VULHUB: VHN-96643 // 
            
            
            
            BID: 94648 // 
            
            
            
            JVNDB: JVNDB-2016-000238 // 
            
            
            
            CNNVD: CNNVD-201612-088 // 
            
            
            
            NVD: CVE-2016-7823

REFERENCES
url:https://jvn.jp/en/jp/jvn40613060/index.html
Trust: 2.5
url:http://www.securityfocus.com/bid/94648
Trust: 1.7
url:http://buffalo.jp/support_s/s20161201.html
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7823
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2016-7823
Trust: 0.8
url:http://buffalo.jp/
Trust: 0.3
url:http://jvn.jp/en/jp/jvn40613060/index.html 
Trust: 0.3
url:http://buffalo.jp/support_s/s20161201.html 
Trust: 0.3
sources:
            
            
            VULHUB: VHN-96643 // 
            
            
            
            BID: 94648 // 
            
            
            
            JVNDB: JVNDB-2016-000238 // 
            
            
            
            CNNVD: CNNVD-201612-088 // 
            
            
            
            NVD: CVE-2016-7823

CREDITS
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions
Trust: 0.9
sources:
            
            
            BID: 94648 // 
            
            
            
            CNNVD: CNNVD-201612-088

SOURCES
db:VULHUBid:VHN-96643
db:BIDid:94648
db:JVNDBid:JVNDB-2016-000238
db:CNNVDid:CNNVD-201612-088
db:NVDid:CVE-2016-7823

LAST UPDATE DATE
2025-04-20T23:16:08.521000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-96643date:2017-06-15T00:00:00
db:BIDid:94648date:2016-12-20T02:05:00
db:JVNDBid:JVNDB-2016-000238date:2017-11-27T00:00:00
db:CNNVDid:CNNVD-201612-088date:2017-06-12T00:00:00
db:NVDid:CVE-2016-7823date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-96643date:2017-06-09T00:00:00
db:BIDid:94648date:2016-12-02T00:00:00
db:JVNDBid:JVNDB-2016-000238date:2016-12-02T00:00:00
db:CNNVDid:CNNVD-201612-088date:2016-12-06T00:00:00
db:NVDid:CVE-2016-7823date:2017-06-09T16:29:00.953