Description
Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- BUFFALO INC. / WSR-2533DHPfirmware Ver. 1.06 and earlier – firmware Ver. 1.06 and earlier
- BUFFALO INC. / WSR-2533DHP2firmware Ver. 1.10 and earlier – firmware Ver. 1.10 and earlier
- BUFFALO INC. / WSR-2533DHPLfirmware Ver. 1.06 and earlier – firmware Ver. 1.06 and earlier
- BUFFALO INC. / WSR-A2533DHP2firmware Ver. 1.10 and earlier – firmware Ver. 1.10 and earlier