ID

VAR-201706-0100


CVE

CVE-2016-7825


TITLE

WNC01WH vulnerable to directory traversal due to an issue in processing commands

Trust: 0.8

sources: JVNDB: JVNDB-2016-000240

DESCRIPTION

Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.

WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a directory traversal vulnerability due to an issue in processing commands. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An authenticated attacker may obtain arbitrary files on the product.

Buffalo WNC01WH camera is prone to the following security vulnerabilities:

1. A denial-of-service vulnerability
2. A cross-site request forgery vulnerability
3. An HTML-injection vulnerability
4. A security bypass vulnerability
5. Multiple directory-traversal vulnerabilities

An attacker can exploit these issues to perform unauthorized actions, bypass security restrictions, cause denial-of-service conditions, execute attacker-supplied HTML or JavaScript code in the context of the affected site, to steal cookie-based authentication credentials or gain access to sensitive information. Buffalo WNC01WH firmware version 1.0.0.8 and prior are vulnerable.

Buffalo WNC01WH is a network camera of Japan Buffalo Group.

Trust: 1.98

sources: NVD: CVE-2016-7825 // JVNDB: JVNDB-2016-000240 // BID: 94648 // VULHUB: VHN-96645

AFFECTED PRODUCTS

vendor: buffalotech, model: wnc01wh, scope: lte, version: 1.0.0.8

Trust: 1.0

vendor: buffalo, model: wnc01wh, scope: lte, version: version 1.0.0.8

Trust: 0.8

vendor: buffalotech, model: wnc01wh, scope: eq, version: 1.0.0.8

Trust: 0.6

vendor: buffalo, model: wnc01wh, scope: eq, version: 1.0.0.8

Trust: 0.3

vendor: buffalo, model: wnc01wh, scope: eq, version: 1.0.0.5

Trust: 0.3

vendor: buffalo, model: wnc01wh, scope: eq, version: 1.0.0.4

Trust: 0.3

vendor: buffalo, model: wnc01wh, scope: ne, version: 1.0.0.9

Trust: 0.3

sources: BID: 94648 // JVNDB: JVNDB-2016-000240 // CNNVD: CNNVD-201612-090 // NVD: CVE-2016-7825

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7825
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000240
value: LOW

Trust: 0.8

CNNVD: CNNVD-201612-090
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96645
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7825
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000240
severity: LOW
baseScore: 1.4
vectorString: AV:A/AC:H/AU:S/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-96645
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7825
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000240
baseSeverity: LOW
baseScore: 2.0
vectorString: CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-96645 // JVNDB: JVNDB-2016-000240 // CNNVD: CNNVD-201612-090 // NVD: CVE-2016-7825

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-96645 // JVNDB: JVNDB-2016-000240 // NVD: CVE-2016-7825

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201612-090

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201612-090

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000240

PATCH

title: BUFFALO INC. website, url: http://buffalo.jp/support_s/s20161201.html

Trust: 0.8

title: Buffalo WNC01WH Fixes for directory traversal vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=66141

Trust: 0.6

sources: JVNDB: JVNDB-2016-000240 // CNNVD: CNNVD-201612-090

EXTERNAL IDS

db: JVN, id: JVN40613060

Trust: 2.8

db: NVD, id: CVE-2016-7825

Trust: 2.8

db: BID, id: 94648

Trust: 2.0

db: JVNDB, id: JVNDB-2016-000240

Trust: 0.8

db: CNNVD, id: CNNVD-201612-090

Trust: 0.7

db: VULHUB, id: VHN-96645

Trust: 0.1

sources: VULHUB: VHN-96645 // BID: 94648 // JVNDB: JVNDB-2016-000240 // CNNVD: CNNVD-201612-090 // NVD: CVE-2016-7825

REFERENCES

url: https://jvn.jp/en/jp/jvn40613060/index.html

Trust: 2.5

url: http://www.securityfocus.com/bid/94648

Trust: 1.7

url: http://buffalo.jp/support_s/s20161201.html

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7825

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2016-7825

Trust: 0.8

url: http://buffalo.jp/

Trust: 0.3

url: http://jvn.jp/en/jp/jvn40613060/index.html

Trust: 0.3

url: http://buffalo.jp/support_s/s20161201.html

Trust: 0.3

sources: VULHUB: VHN-96645 // BID: 94648 // JVNDB: JVNDB-2016-000240 // CNNVD: CNNVD-201612-090 // NVD: CVE-2016-7825

CREDITS

Toshitsugu Yoneyama of Mitsui Bussan Secure Directions

Trust: 0.9

sources: BID: 94648 // CNNVD: CNNVD-201612-090

SOURCES

db: VULHUB, id: VHN-96645
db: BID, id: 94648
db: JVNDB, id: JVNDB-2016-000240
db: CNNVD, id: CNNVD-201612-090
db: NVD, id: CVE-2016-7825

LAST UPDATE DATE

2025-04-20T23:16:08.428000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96645, date: 2017-06-15T00:00:00
db: BID, id: 94648, date: 2016-12-20T02:05:00
db: JVNDB, id: JVNDB-2016-000240, date: 2017-11-27T00:00:00
db: CNNVD, id: CNNVD-201612-090, date: 2017-06-12T00:00:00
db: NVD, id: CVE-2016-7825, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96645, date: 2017-06-09T00:00:00
db: BID, id: 94648, date: 2016-12-02T00:00:00
db: JVNDB, id: JVNDB-2016-000240, date: 2016-12-02T00:00:00
db: CNNVD, id: CNNVD-201612-090, date: 2016-12-06T00:00:00
db: NVD, id: CVE-2016-7825, date: 2017-06-09T16:29:01.033