Buffalo AirStation WZR-600DHP Wireless Router

Platform Information https://www.newegg.com/Product/Product.aspx?Item=N82E16833162070
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection Yes
Wireless Connection Yes
Fingerprinting Source HTTP NIC VENDOR
Added at Jan 08, 2019
Manufacturer Name Buffalo Americas, Inc.
Homepage http://www.buffalotech.com
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2015-8262
12/27/2015
MEDIUM
MEDIUM
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
CVE-2014-9284
06/09/2015
HIGH
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2018-16988
05/02/2019
CRITICAL
MEDIUM
An issue was discovered in Open XDMoD through 7.5.0. An authentication bypass (account takeover) exists due to a weak password reset mechanism. A brute-force attack against an MD5 rid value requires only 600 guesses in the plausible situation where the attacker knows that the victim has started a password-reset process (pass_reset.php, password_reset.php, XDUser.php) in the past few minutes.
CVE-2018-16961
05/02/2019
HIGH
MEDIUM
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
CVE-2018-16960
05/02/2019
MEDIUM
MEDIUM
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
CVE-2018-13324
11/26/2018
CRITICAL
HIGH
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVE-2018-13323
11/26/2018
MEDIUM
MEDIUM
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.