CVE-2016-1135

Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:h:buffalotech:wmr-300:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:wmr-300_firmware:1.90:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:h:buffalotech:wex-300:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:wex-300_firmware:1.90:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:h:buffalotech:wmr-433:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:wmr-433_firmware:1.01:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:h:buffalotech:bhr-4grv2:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:bhr-4grv2_firmware:1.04:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:h:buffalotech:whr-300hp2:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:whr-300hp2_firmware:1.90:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:h:buffalotech:whr-1166dhp:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:whr-1166dhp_firmware:1.90:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:h:buffalotech:whr-600d:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:whr-600d_firmware:1.90:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:h:buffalotech:wsr-1166dhp:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalotech:wsr-1166dhp_firmware:1.01:*:*:*:*:*:*:*

History

No history.

Information

Published : 2016-01-22 11:59

Updated : 2024-02-04 18:53


NVD link : CVE-2016-1135

Mitre link : CVE-2016-1135

CVE.ORG link : CVE-2016-1135


JSON object : View

Products Affected

buffalotech

  • whr-300hp2
  • wex-300
  • whr-600d_firmware
  • wex-300_firmware
  • wmr-433_firmware
  • whr-600d
  • wmr-300_firmware
  • wmr-300
  • whr-300hp2_firmware
  • wmr-433
  • bhr-4grv2
  • wsr-1166dhp_firmware
  • whr-1166dhp_firmware
  • wsr-1166dhp
  • bhr-4grv2_firmware
  • whr-1166dhp
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')