VYPR
Medium severity6.5NVD Advisory· Published Apr 20, 2026· Updated Apr 20, 2026

CVE-2025-66954

CVE-2025-66954

Description

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.