CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1CVE-2023-49038
https://notcve.org/view.php?id=CVE-2023-49038
Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. La inyección de comandos en la utilidad ping en Buffalo LS210D 1.78-0.03 permite a un atacante remoto autenticado inyectar comandos arbitrarios en el NAS como root. • https://github.com/christopher-pace/CVE-2023-49038 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 1CVE-2023-51073
https://notcve.org/view.php?id=CVE-2023-51073
An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. Un problema en Buffalo LS210D v.1.78-0.03 permite a un atacante remoto ejecutar código arbitrario a través del script de actualización de firmware en /etc/init.d/update_notifications.sh. • https://github.com/christopher-pace/CVE-2023-51073 https://www.buffalotech.com •