7 results (0.009 seconds)

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. La inyección de comandos del sistema en el método User.create, en la versión 3.61.-0.10 de Buffalo TS5600D1206, permite a los atacantes ejecutar comandos del sistema en el parámetro "name". • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. Un salto de directorio en el método list_folders, en la versión 3.61-0.10 de Buffalo TS5600D1206, permite a los atacantes detallar los contenidos de dicho directorio mediante el parámetro "path". • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. La inyección de comandos del sistema en network.set_auth_settings, en la versión 3.70.-0.10 de TBuffalo TS5600D1206, permite a los atacantes ejecutar comandos del sistema mediante los parámetros adminUsername y adminPassword. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. El control de acceso incorrecto en get_portal_info, en la versión 3.61.-0.10 de Buffalo TS5600D1206, permite a los atacantes averiguar determinados datos sensibles mediante una petición POST no autenticada. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. Cross-Site Scripting (XSS) en detail.html, en la versión 3.61.-0.10 de Buffalo TS5600D1206, permite a los atacantes ejecutar JavaScript mediante el cookie "username". • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •