JVN#55023557
Buffalo router configuration management interface vulnerable to remote access and password leakage
Overview
Some Buffalo routers have a vulnerability that could allow remote access from the WAN side. A remote attacker could exploit this vulnerability to manipulate a router by gaining administrative privileges.
By accessing the management interface, a remote attacker could also use the save settings function to obtain the user's ISP account and password information.
Products Affected
- BUFFALO BBR-4MG, firmware version 1.04 and earlier
- BUFFALO BBR-4HG, firmware version 1.04 and earlier
Description
Impact
Configurations could be changed by the remote attacker.
Because the saved configuration stores the user's ISP account and password information in plain text, a remote attacker could steal this information and impersonate the user to gain illegal access.
Solution
References
JPCERT/CC Addendum
Credit
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory | |
CPNI Advisory | |
TRnotes | |
CVE | |
JVN iPedia | JVNDB-2005-000765 |