CVE-2016-1135

Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
buffalotechwmr-300_firmware
1.90
buffalotechwex-300_firmware
1.90
buffalotechwmr-433_firmware
1.01
buffalotechbhr-4grv2_firmware
1.04
buffalotechwhr-300hp2_firmware
1.90
buffalotechwhr-1166dhp_firmware
1.90
buffalotechwhr-600d_firmware
1.90
buffalotechwsr-1166dhp_firmware
1.01
𝑥
= Vulnerable software versions