Vulnerability Details CVE-2016-1135
Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2016-1135
-
cpe:2.3:h:buffalotech:bhr-4grv2:-
-
cpe:2.3:h:buffalotech:wex-300:-
-
cpe:2.3:h:buffalotech:whr-1166dhp:-
-
cpe:2.3:h:buffalotech:whr-300hp2:-
-
cpe:2.3:h:buffalotech:whr-600d:-
-
cpe:2.3:h:buffalotech:wmr-300:-
-
cpe:2.3:h:buffalotech:wmr-433:-
-
cpe:2.3:h:buffalotech:wsr-1166dhp:-
-
cpe:2.3:o:buffalotech:bhr-4grv2_firmware:1.04
-
cpe:2.3:o:buffalotech:wex-300_firmware:1.90
-
cpe:2.3:o:buffalotech:whr-1166dhp_firmware:1.90
-
cpe:2.3:o:buffalotech:whr-300hp2_firmware:1.90
-
cpe:2.3:o:buffalotech:whr-600d_firmware:1.90
-
cpe:2.3:o:buffalotech:wmr-300_firmware:1.90
-
cpe:2.3:o:buffalotech:wmr-433_firmware:1.01
-
cpe:2.3:o:buffalotech:wsr-1166dhp_firmware:1.01