// For flags

CVE-2016-1135

 

Severity Score

6.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerabilidad de XSS en dispositivos BUFFALO BHR-4GRV2 con firmware 1.04 y versiones anteriores, dispositivos WEX-300 con firmware 1.90 y versiones anteriores, dispositivos WHR-1166DHP con firmware 1.90 y versiones anteriores, dispositivos WHR-300HP2 con firmware 1.90 y versiones anteriores, dispositivos WHR-600D con firmware 1.90 y versiones anteriores, dispositivos WMR-300 con firmware 1.90 y versiones anteriores, dispositivos WMR-433 con firmware 1.01 y versiones anteriores y dispositivos WSR-1166DHP con firmware 1.01 y versiones anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-26 CVE Reserved
  • 2016-01-22 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
http://jvn.jp/en/jp/JVN49225722/index.html 2016-03-11
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000006 2016-03-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Buffalotech
Search vendor "Buffalotech"
 Wmr-300 Firmware
Search vendor "Buffalotech" for product "Wmr-300 Firmware"
 1.90
Search vendor "Buffalotech" for product "Wmr-300 Firmware" and version "1.90"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wmr-300
Search vendor "Buffalotech" for product "Wmr-300"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Wex-300 Firmware
Search vendor "Buffalotech" for product "Wex-300 Firmware"
 1.90
Search vendor "Buffalotech" for product "Wex-300 Firmware" and version "1.90"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wex-300
Search vendor "Buffalotech" for product "Wex-300"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Wmr-433 Firmware
Search vendor "Buffalotech" for product "Wmr-433 Firmware"
 1.01
Search vendor "Buffalotech" for product "Wmr-433 Firmware" and version "1.01"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wmr-433
Search vendor "Buffalotech" for product "Wmr-433"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Bhr-4grv2 Firmware
Search vendor "Buffalotech" for product "Bhr-4grv2 Firmware"
 1.04
Search vendor "Buffalotech" for product "Bhr-4grv2 Firmware" and version "1.04"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Bhr-4grv2
Search vendor "Buffalotech" for product "Bhr-4grv2"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Whr-300hp2 Firmware
Search vendor "Buffalotech" for product "Whr-300hp2 Firmware"
 1.90
Search vendor "Buffalotech" for product "Whr-300hp2 Firmware" and version "1.90"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Whr-300hp2
Search vendor "Buffalotech" for product "Whr-300hp2"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Whr-1166dhp Firmware
Search vendor "Buffalotech" for product "Whr-1166dhp Firmware"
 1.90
Search vendor "Buffalotech" for product "Whr-1166dhp Firmware" and version "1.90"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Whr-1166dhp
Search vendor "Buffalotech" for product "Whr-1166dhp"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Whr-600d Firmware
Search vendor "Buffalotech" for product "Whr-600d Firmware"
 1.90
Search vendor "Buffalotech" for product "Whr-600d Firmware" and version "1.90"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Whr-600d
Search vendor "Buffalotech" for product "Whr-600d"
--
Safe
Buffalotech
Search vendor "Buffalotech"
 Wsr-1166dhp Firmware
Search vendor "Buffalotech" for product "Wsr-1166dhp Firmware"
 1.01
Search vendor "Buffalotech" for product "Wsr-1166dhp Firmware" and version "1.01"
-
Affected
in Buffalotech
Search vendor "Buffalotech"
 Wsr-1166dhp
Search vendor "Buffalotech" for product "Wsr-1166dhp"
--
Safe