Buffalo AirStation WZR-600DHP Wireless Router

Platform Information https://www.newegg.com/Product/Product.aspx?Item=N82E16833162070
Search Engine Search on Google
End of Sales -
End of Support -
Wired Connection Yes
Wireless Connection Yes
Fingerprinting Source HTTP NIC VENDOR
Added at Jan 08, 2019
Manufacturer Name Buffalo Americas, Inc.
Homepage http://www.buffalotech.com
Headquarters United States of America
Business Status Ongoing

Platform’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2015-8262
12/27/2015
MEDIUM
MEDIUM
Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.
Manufacturer’s Common Vulnerabilities and Exposures (CVE)
CVE-ID
Severity v3.0
Severity v2.0
Description
CVE-2016-7826
06/09/2017
MEDIUM
MEDIUM
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.
CVE-2016-7825
06/09/2017
MEDIUM
MEDIUM
Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted commands.
CVE-2016-7824
06/09/2017
HIGH
MEDIUM
Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors.
CVE-2016-7823
06/09/2017
MEDIUM
LOW
Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-7822
06/09/2017
HIGH
MEDIUM
Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perform unintended operations via unspecified vectors.