CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10897
https://notcve.org/view.php?id=CVE-2017-10897
Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. Un problema de validación de entradas en los routers de banda ancha Buffalo BBR-4HG y BBR-4MG con firmware 1.00 a 1.48 y 2.00 a 2.07 permite que un atacante provoque que el dispositivo no responda utilizando vectores no especificados. • http://buffalo.jp/support_s/s20171201.html https://jvn.jp/en/jp/JVN65994435/index.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10896
https://notcve.org/view.php?id=CVE-2017-10896
Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en los routers de banda ancha Buffalo BBR-4HG y BBR-4MG con firmware 1.00 a 1.48 y 2.00 a 2.07 permite que un atacante inyecte scripts web o HTML arbitrarios utilizando vectores no especificados. • http://buffalo.jp/support_s/s20171201.html https://jvn.jp/en/jp/JVN65994435/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 118EXPL: 0CVE-2011-1324
https://notcve.org/view.php?id=CVE-2011-1324
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of administrators for requests that modify settings, as demonstrated by changing the login password. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en las Pantallas de gestión de las series WHR, WZR2, WZR, WER, y BBR de routers Buffalo con firmware v1.x; routers BHR-4RV y FS-G54 con firmware 2.x; y routers AS-100, permite a atacantes remotos secuestrar la autenticación de los administradores para peticiones que modifican la configuración como se demuestra con el cambio de la contraseña login. • http://buffalo.jp/support_s/20080808/csrf.html http://jvn.jp/en/jp/JVN50505257/index.html • CWE-352: Cross-Site Request Forgery (CSRF) •