Medium severity6.8NVD Advisory· Published Dec 27, 2015· Updated May 6, 2026

CVE-2015-8262

Description

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value.

Affected products

Buffalotech/Airstation Extreme N600
cpe:2.3:h:buffalotech:airstation_extreme_n600:*:*:*:*:*:*:*:*
Buffalotech/Airstation Extreme N600 Firmware3 versions
cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.09:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.09:*:*:*:*:*:*:*
- cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.13:*:*:*:*:*:*:*
- cpe:2.3:o:buffalotech:airstation_extreme_n600_firmware:2.16:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/646008nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/78877nvd

News mentions

No linked articles in our index yet.

cvss	0.442
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000