ID

VAR-200211-0076


TITLE

Buffalo AirStation Pro Intelligent Access Device Port 80 Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-15165

DESCRIPTION

The Buffalo AirStation Pro Intelligent Access Point is a wireless access device. The Buffalo AP handles malformed HTTP GET requests incorrectly, and remote attackers can exploit this vulnerability to cause a denial of service. The condition can be triggered by scanning the Buffalo AP with Nmap, or by manually connecting to port 80 on the AP and submitting a malformed GET request. For example, a request with a space after the GET can cause the Buffalo AP to restart and stop responding to normal communication. It is possible to trigger this condition by sending certain types of data to port 80 on the device. This condition has been reproduced with a port scanner with version-grabbing functionality and via a manual connection using telnet. It is believed that this condition may be caused by a malformed HTTP GET request. Other versions or models may be affected.

Trust: 0.81

sources: CNVD: CNVD-2013-15165 // BID: 6177

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15165

AFFECTED PRODUCTS

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: buffalo, model: technology airstation pro intelligent access point wlm-l11g, scope: eq, version: 1.30

Trust: 0.3

vendor: buffalo, model: technology airstation pro intelligent access point wlm-l11g beta3, scope: ne, version: 1.41.180

Trust: 0.3

sources: CNVD: CNVD-2013-15165 // BID: 6177

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-15165
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2013-15165
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-15165

THREAT TYPE

network

Trust: 0.3

sources: BID: 6177

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.3

sources: BID: 6177

EXTERNAL IDS

db: BID, id: 6177

Trust: 0.9

db: CNVD, id: CNVD-2013-15165

Trust: 0.6

sources: CNVD: CNVD-2013-15165 // BID: 6177

REFERENCES

url:http://marc.theaimsgroup.com/?l=bugtraq&m=103724086223296&w=2

Trust: 0.6

url:http://www.buffalotech.com/

Trust: 0.3

url:/archive/1/299746

Trust: 0.3

sources: CNVD: CNVD-2013-15165 // BID: 6177

CREDITS

Discovery of this issue is credited to Andrei Mikhailovsky <andrei@arhont.com>.

Trust: 0.3

sources: BID: 6177

SOURCES

db: CNVD, id: CNVD-2013-15165
db: BID, id: 6177

LAST UPDATE DATE

2022-05-17T02:01:43.502000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-15165, date: 2013-12-17T00:00:00
db: BID, id: 6177, date: 2002-11-13T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-15165, date: 2002-11-13T00:00:00
db: BID, id: 6177, date: 2002-11-13T00:00:00