CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-45741
https://notcve.org/view.php?id=CVE-2023-45741
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. Versión del firmware VR-S1000. 2.37 y anteriores permiten a un atacante con acceso a la página de administración web del producto ejecutar comandos arbitrarios del sistema operativo. • https://jvn.jp/en/jp/JVN23771490 https://www.buffalo.jp/news/detail/20231225-01.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2023-39620
https://notcve.org/view.php?id=CVE-2023-39620
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. Un problema en Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 a v.0.07 permite a un atacante remoto obtener información confidencial a través de la función de cuenta de invitado. • https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration. • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 14EXPL: 0CVE-2023-24464
https://notcve.org/view.php?id=CVE-2023-24464
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier • https://jvn.jp/en/vu/JVNVU96824262 https://www.buffalo.jp/news/detail/20230310-01.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 28EXPL: 0CVE-2023-24544
https://notcve.org/view.php?id=CVE-2023-24544
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier • https://jvn.jp/en/vu/JVNVU96824262 https://www.buffalo.jp/news/detail/20230310-01.html •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2023-26588
https://notcve.org/view.php?id=CVE-2023-26588
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier • https://jvn.jp/en/vu/JVNVU96824262 https://www.buffalo.jp/news/detail/20230310-01.html • CWE-668: Exposure of Resource to Wrong Sphere •