Published:2020/09/11  Last Updated:2020/09/11

JVN#09166495
Multiple vulnerabilities in Buffalo AirStation WHR-G54S

Overview

Buffalo AirStation WHR-G54S contains multiple vulnerabilities.

Products Affected

  • WHR-G54S firmware 1.43 and earlier

Description

Buffalo AirStation WHR-G54S contains multiple vulnerabilities listed below.

  • Directory Traversal - CVE-2020-5605
    CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Base Score: 4.1
    CVSS v2 AV:A/AC:L/Au:S/C:P/I:N/A:N Base Score: 2.7
  • Cross-site Scripting - CVE-2020-5606
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
    CVSS v2 AV:N/AC:H/Au:N/C:N/I:P/A:N Base Score: 2.6

Impact

  • An attacker who is logged in to the product may access sensitive information such as setting values - CVE-2020-5605
  • When a user who is logged in to the product accesses a specially crafted page, an arbitrary script may be executed on the user's web browser - CVE-2020-5606

Solution

Apply a workaround
Applying the following workarounds may mitigate the impacts of these vulnerabilities.

  • Log off when the setting screen is not being used
    • This product is designed to log off automatically when the setting screen is not operated for 5 minutes
  • Do not check other web pages while logged in to the setting screen
  • Change the default password
Do not use the product
According to the developer, the product is no longer supported and it is recommended for the users to use alternative products.
Please refer to the information provided by the developer for more details.

Vendor Status

Vendor Status Last Update Vendor Notes
BUFFALO INC. Vulnerable 2020/09/11 BUFFALO INC. website
Vendor Link
BUFFALO INC. DLPA Recommended Routers

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

RyotaK reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2020-5605
CVE-2020-5606
JVN iPedia JVNDB-2020-000063