Medium severity6.1NVD Advisory· Published Jan 22, 2016· Updated May 6, 2026

CVE-2016-1135

Description

Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products

Buffalotech/Bhr 4grv2 Firmware
cpe:2.3:o:buffalotech:bhr-4grv2_firmware:1.04:*:*:*:*:*:*:*
Buffalotech/Wex 300 Firmware
cpe:2.3:o:buffalotech:wex-300_firmware:1.90:*:*:*:*:*:*:*
Buffalotech/Whr 1166dhp Firmware
cpe:2.3:o:buffalotech:whr-1166dhp_firmware:1.90:*:*:*:*:*:*:*
Buffalotech/Whr 300hp2 Firmware
cpe:2.3:o:buffalotech:whr-300hp2_firmware:1.90:*:*:*:*:*:*:*
Buffalotech/Whr 600d Firmware
cpe:2.3:o:buffalotech:whr-600d_firmware:1.90:*:*:*:*:*:*:*
Buffalotech/Wmr 300 Firmware
cpe:2.3:o:buffalotech:wmr-300_firmware:1.90:*:*:*:*:*:*:*
Buffalotech/Wmr 433 Firmware
cpe:2.3:o:buffalotech:wmr-433_firmware:1.01:*:*:*:*:*:*:*
Buffalotech/Wsr 1166dhp Firmware
cpe:2.3:o:buffalotech:wsr-1166dhp_firmware:1.01:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

jvn.jp/en/jp/JVN49225722/index.htmlnvdVendor Advisory
jvndb.jvn.jp/jvndb/JVNDB-2016-000006nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000