CVE-2016-4815

Published: Jun 19, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.

Affected (6)

Products: Buffalo: Wzr 900dhp2 Firmware, Wzr 600dhp3 Firmware, Wzr S900dhp Firmware, Wzr S600dhp Firmware, Wzr 900dhp Firmware, Wzr 600dhp2 Firmware

6 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr 900dhp2 Firmware	Up to 2.16

Running on/with	Platform Versions
Buffalo Wzr 900dhp2	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr 600dhp3 Firmware	Up to 2.16

Running on/with	Platform Versions
Buffalo Wzr 600dhp3	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr S900dhp Firmware	Up to 2.16

Running on/with	Platform Versions
Buffalo Wzr S900dhp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr S600dhp Firmware	Up to 2.16

Running on/with	Platform Versions
Buffalo Wzr S600dhp	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr 900dhp Firmware	Up to 1.11

Running on/with	Platform Versions
Buffalo Wzr 900dhp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Wzr 600dhp2 Firmware	Up to 1.13

Running on/with	Platform Versions
Buffalo Wzr 600dhp2	All versions

Related CWEs

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (6)

http://buffalo.jp/support_s/s20160527b.html

Source: vultures@jpcert.or.jp

PatchVendor Advisory

http://jvn.jp/en/jp/JVN81698369/index.html

Source: vultures@jpcert.or.jp

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000086

Source: vultures@jpcert.or.jp

Vendor Advisory

http://buffalo.jp/support_s/s20160527b.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://jvn.jp/en/jp/JVN81698369/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://jvndb.jvn.jp/jvndb/JVNDB-2016-000086

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.