CVE-2016-4816

moderate-risk

Published 2016-06-19

BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.

Do I need to act?

0.38% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Wzr-Hp-G450H Firmware

Wzr-900Dhp2 Firmware

Wzr-Hp-G301Nh Firmware

Wzr-1750Dhp Firmware

Wzr-S1750Dhp Firmware

Wzr-D1100H Firmware

Wpl-05G300 Firmware

Wzr-S900Dhp Firmware

Dwr-Hp-G300Nh Firmware

Whr-300Hp Firmware

Wzr-1750Dhp2 Firmware

Wapm-Apg300N Firmware

Whr-Hp-G300N Firmware

Bhr-4Grv Firmware

Wzr-450Hp-Ub Firmware

Fs-600Dhp Firmware

Wapm-Ag300N Firmware

Wzr-600Dhp3 Firmware

Hw-450Hp-Zwe Firmware

Wzr-450Hp Firmware

Affected Vendors

Buffalo

References (6)

Patch http://buffalo.jp/support_s/s20160527a.html

Vendor Advisory http://jvn.jp/en/jp/JVN75813272/index.html

Vendor Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2016-000087

Patch http://buffalo.jp/support_s/s20160527a.html

Vendor Advisory http://jvn.jp/en/jp/JVN75813272/index.html

Vendor Advisory http://jvndb.jvn.jp/jvndb/JVNDB-2016-000087

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 23/34 · High