CVE-2018-13320
https://notcve.org/view.php?id=CVE-2018-13320
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2018-13319
https://notcve.org/view.php?id=CVE-2018-13319
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-13323
https://notcve.org/view.php?id=CVE-2018-13323
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-13324
https://notcve.org/view.php?id=CVE-2018-13324
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-863: Incorrect Authorization
CVE-2018-13321
https://notcve.org/view.php?id=CVE-2018-13321
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. • https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d • CWE-732: Incorrect Permission Assignment for Critical Resource