Vulnerability Description
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Buffalotech | Wmr-300 | - |
| Buffalotech | Wmr-300 Firmware | 1.90 |
| Buffalotech | Wex-300 | - |
| Buffalotech | Wex-300 Firmware | 1.90 |
| Buffalotech | Wmr-433 | - |
| Buffalotech | Wmr-433 Firmware | 1.01 |
| Buffalotech | Bhr-4Grv2 | - |
| Buffalotech | Bhr-4Grv2 Firmware | 1.04 |
| Buffalotech | Whr-300Hp2 | - |
| Buffalotech | Whr-300Hp2 Firmware | 1.90 |
| Buffalotech | Whr-1166Dhp | - |
| Buffalotech | Whr-1166Dhp Firmware | 1.90 |
| Buffalotech | Whr-600D | - |
| Buffalotech | Whr-600D Firmware | 1.90 |
| Buffalotech | Wsr-1166Dhp | - |
| Buffalotech | Wsr-1166Dhp Firmware | 1.01 |
Related Weaknesses (CWE)
References
- http://jvn.jp/en/jp/JVN49225722/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000006Vendor Advisory
- http://jvn.jp/en/jp/JVN49225722/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000006Vendor Advisory
FAQ
What is CVE-2016-1135?
CVE-2016-1135 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier...
How severe is CVE-2016-1135?
CVE-2016-1135 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-1135?
Check the references section above for vendor advisories and patch information. Affected products include: Buffalotech Wmr-300, Buffalotech Wmr-300 Firmware, Buffalotech Wex-300, Buffalotech Wex-300 Firmware, Buffalotech Wmr-433.