CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0522
https://notcve.org/view.php?id=CVE-2018-0522
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. Desbordamiento de búfer en Buffalo WXR-1900DHP2, con firmware en versiones 2.48 y anteriores, permite que un atacante ejecute código arbitrario mediante un archivo especialmente manipulado. • http://buffalo.jp/support_s/s20180223.html https://jvn.jp/en/jp/JVN97144273/index.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10897
https://notcve.org/view.php?id=CVE-2017-10897
Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. Un problema de validación de entradas en los routers de banda ancha Buffalo BBR-4HG y BBR-4MG con firmware 1.00 a 1.48 y 2.00 a 2.07 permite que un atacante provoque que el dispositivo no responda utilizando vectores no especificados. • http://buffalo.jp/support_s/s20171201.html https://jvn.jp/en/jp/JVN65994435/index.html • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-10896
https://notcve.org/view.php?id=CVE-2017-10896
Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en los routers de banda ancha Buffalo BBR-4HG y BBR-4MG con firmware 1.00 a 1.48 y 2.00 a 2.07 permite que un atacante inyecte scripts web o HTML arbitrarios utilizando vectores no especificados. • http://buffalo.jp/support_s/s20171201.html https://jvn.jp/en/jp/JVN65994435/index.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10811
https://notcve.org/view.php?id=CVE-2017-10811
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. Los dispositivos Buffalo WCR-1166DS con firmware 1.30 y anteriores permiten que un atacante ejecute comandos SO arbitrarios mediante vectores sin especificar. • http://buffalo.jp/support_s/s20170804_1.html https://jvn.jp/en/jp/JVN05340005/index.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2126
https://notcve.org/view.php?id=CVE-2017-2126
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. WAPM-1166D firmware versión 1.2.7 y anteriores, y WAPM-APG600H firmware versión 1.16.1 y anteriores, permite a los atacantes remotos omitir la autenticación y acceder a la interfaz de configuración por medio de vectores no especificados. • http://buffalo.jp/support_s/s20170718.html https://jvn.jp/en/jp/JVN48823557/index.html • CWE-287: Improper Authentication •