Design/Logic Flaw

2015-06-0900:59:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.7%

JSON

The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.

CPENameOperatorVersion
bhr-4grv2_firmwarele1.04
wex-300_firmwarele1.60
whr-1166dhp_firmwarele1.60
whr-300hp2_firmwarele1.60
whr-600d_firmwarele1.60
wmr-300_firmwarele1.60
wsr-600dhp_firmwarele1.60

Name	Operator	Version
bhr-4grv2_firmware	le	1.04
wex-300_firmware	le	1.60
whr-1166dhp_firmware	le	1.60
whr-300hp2_firmware	le	1.60
whr-600d_firmware	le	1.60
wmr-300_firmware	le	1.60
wsr-600dhp_firmware	le	1.60

References

jvn.jp/en/jp/JVN50447904/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000085