medium
6.5
CWE
200
Advisory Published
Updated

CVE-2016-4816: Infoleak

First published: Sun Jun 19 2016(Updated: )

BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.

Credit: vultures@jpcert.or.jp

Affected SoftwareAffected VersionHow to fix
BUFFALO wireless LAN routers
Buffalo WZR-600DHP3 firmware<=2.16
Buffalo HW-450HP-ZWE firmware
Buffalo HW-450HP-ZWE<=1.91
Buffalo WZR-HP-G450H firmware
Buffalo WZR-HP-G450H<=1.87
Buffalo WZR-450HP firmware
Buffalo WZR-450HP<=1.97
Buffalo WZR-900DHP2 firmware
Buffalo WZR-900DHP2<=2.16
Buffalo WCR-300 firmware
Arcadyan Buffalo Firmware<=1.86
Buffalo WZR-450HP
Buffalo WZR-450HP<=1.92
Buffalo WZR-HP-G301NH firmware
Buffalo WZR-HP-G301NH<=1.81
Buffalo WXR-1750DHP firmware
Buffalo WXR-1750DHP2 firmware<=2.42
BUFFALO wireless LAN routers
Buffalo WZR-600DHP firmware=1.97
Buffalo WZR-1750DHP2 firmware
Buffalo WZR-1750DHP firmware<=2.28
Buffalo WZR-S1750DHP firmware
Buffalo WZR-S1750DHP<=2.28
Buffalo WHR-300
Arcadyan Buffalo Firmware<=1.96
Buffalo WZR-S600DHP firmware
Buffalo WZR-S600DHP<=2.16
Buffalo WZR-HP-G302H firmware
Buffalo WZR-HP-G302H<=1.83
BUFFALO Wireless LAN Routers and Wireless LAN Repeaters
BUFFALO Wireless LAN Routers and Wireless LAN Repeaters<=2.62
Buffalo WZR-HP-AG300H firmware
Buffalo WZR-HP-AG300H<=1.73
Buffalo WZR-D1100H firmware
Buffalo WZR-D1100H<=1.96
Buffalo WPL-05G300 firmware
Buffalo WPL-05G300<=1.86
Buffalo WZR-S900DHP firmware
Buffalo WZR-S900DHP<=2.16
Buffalo DWR-HP-G300NH firmware
Buffalo DWR-HP-G300NH<=1.81
Buffalo WHR-300HP2
Buffalo WHR-300HP firmware<=1.96
Buffalo WZR-1750DHP2 firmware
Buffalo WZR-1750DHP2 firmware<=2.28
Buffalo WZR-1166DHP2 firmware
Buffalo WZR-1166DHP2<=2.13
Buffalo WZR-300HP firmware
Buffalo WZR-300HP firmware<=1.96
BUFFALO wapm-apg300n firmware
BUFFALO Wireless LAN Routers and Wireless LAN Repeaters<=2.62
Buffalo WZR-900DHP2<=1.13
Buffalo WXR-1900DHP2
Buffalo WXR-1900DHP2<=2.34
Buffalo WZR-900DHP firmware
Buffalo WZR-900DHP firmware<=1.11
Buffalo WZR-1166DHP firmware
Buffalo WZR-1166DHP firmware<=2.13
Buffalo WHR-HP-G300N firmware
Buffalo WHR-HP-G300N<=1.96
Buffalo BHR-4GRV firmware
Arcadyan Buffalo Firmware<=1.96
Buffalo WZR-450HP-UB firmware
Buffalo WZR-450HP firmware<=1.96
Buffalo WZR-HP-G300NH firmware
Buffalo WZR-HP-G300NH firmware<=1.81
Buffalo FS-600DHP firmware
Arcadyan Buffalo Firmware<=3.34

Remedy

http://buffalo.jp/support_s/s20160527a.html

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2016-4816?

    CVE-2016-4816 has been assigned a medium severity rating due to the potential for remote attackers to discover sensitive information.

  • How do I fix CVE-2016-4816?

    To mitigate CVE-2016-4816, update the firmware of affected Buffalo devices to versions later than 2.16 for WZR-600DHP3 and WZR-S600DHP devices.

  • Which Buffalo devices are affected by CVE-2016-4816?

    CVE-2016-4816 affects Buffalo WZR-600DHP3 devices with firmware 2.16 and earlier, and WZR-S600DHP devices with firmware 2.16 and earlier.

  • Can CVE-2016-4816 be exploited without physical access?

    Yes, CVE-2016-4816 can be exploited remotely, allowing attackers to potentially extract credentials and sensitive information.

  • What impact does CVE-2016-4816 have on network security?

    CVE-2016-4816 can significantly compromise network security by exposing sensitive credentials, which may lead to unauthorized access.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203