Search...

CVE-2017-2126

2017-07-22T00:29:00

ID CVE-2017-2126
Type cve
Reporter cve@mitre.org
Modified 2017-07-27T13:00:00

Description

WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.

JSON Vulners Source

Initial Source

{"id": "CVE-2017-2126", "bulletinFamily": "NVD", "title": "CVE-2017-2126", "description": "WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.", "published": "2017-07-22T00:29:00", "modified": "2017-07-27T13:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2126", "reporter": "cve@mitre.org", "references": ["http://buffalo.jp/support_s/s20170718.html", "https://jvn.jp/en/jp/JVN48823557/index.html"], "cvelist": ["CVE-2017-2126"], "type": "cve", "lastseen": "2020-12-09T20:13:30", "edition": 5, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "jvn", "idList": ["JVN:48823557"]}], "modified": "2020-12-09T20:13:30", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2020-12-09T20:13:30", "rev": 2}, "vulnersScore": 7.6}, "cpe": ["cpe:/o:buffalo:wapm-apg600h_firmware:1.16.1", "cpe:/o:buffalo:wapm-1166d_firmware:1.2.7"], "affectedSoftware": [{"cpeName": "buffalo:wapm-1166d_firmware", "name": "buffalo wapm-1166d firmware", "operator": "le", "version": "1.2.7"}, {"cpeName": "buffalo:wapm-apg600h_firmware", "name": "buffalo wapm-apg600h firmware", "operator": "le", "version": "1.16.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "cpe23": ["cpe:2.3:o:buffalo:wapm-apg600h_firmware:1.16.1:*:*:*:*:*:*:*", "cpe:2.3:o:buffalo:wapm-1166d_firmware:1.2.7:*:*:*:*:*:*:*"], "cwe": ["CWE-287"], "scheme": null, "affectedConfiguration": [{"cpeName": "buffalo:wapm-1166d", "name": "buffalo wapm-1166d", "operator": "eq", "version": "-"}, {"cpeName": "buffalo:wapm-apg600h", "name": "buffalo wapm-apg600h", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wapm-apg600h_firmware:1.16.1:*:*:*:*:*:*:*", "versionEndIncluding": "1.16.1", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wapm-apg600h:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}, {"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:o:buffalo:wapm-1166d_firmware:1.2.7:*:*:*:*:*:*:*", "versionEndIncluding": "1.2.7", "vulnerable": true}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:h:buffalo:wapm-1166d:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}], "operator": "AND"}]}}

{"jvn": [{"lastseen": "2019-05-29T19:49:04", "bulletinFamily": "info", "cvelist": ["CVE-2017-2126"], "description": "\n ## Description\n\nWAPM-1166D and WAPM-APG600H provided by BUFFALO INC. are wireless LAN access point devices. WAPM-1166D and WAPM-APG600H do not properly perform authentication ([CWE-287](<https://cwe.mitre.org/data/definitions/287.html>)).\n\n ## Impact\n\nAn attacker who can access the device may log in via telnet without authentication and access the configuration interface of the device.\n\n ## Solution\n\n**Update the Firmware** \nApply the appropriate firmware update according to the information provided by the developer.\n\n ## Products Affected\n\n * WAPM-1166D firmware Ver.1.2.7 and earlier\n * WAPM-APG600H firmware Ver.1.16.1 and earlier\n", "edition": 5, "modified": "2017-07-20T00:00:00", "published": "2017-07-20T00:00:00", "id": "JVN:48823557", "href": "http://jvn.jp/en/jp/JVN48823557/index.html", "title": "JVN#48823557: Multiple Buffalo wireless LAN access point devices do not properly perform authentication", "type": "jvn", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}