TS5600D1206
by Buffalotech
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-13320 | 0.01 | — | 0.03 | Nov 26, 2018 | System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | |||
| CVE-2018-13318 | 0.01 | — | 0.03 | Nov 26, 2018 | System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | |||
| CVE-2018-13319 | 0.00 | — | 0.01 | Nov 26, 2018 | Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | |||
| CVE-2018-13324 | 0.00 | — | 0.23 | Nov 26, 2018 | Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | |||
| CVE-2018-13321 | 0.00 | — | 0.01 | Nov 26, 2018 | Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | |||
| CVE-2018-13322 | 0.00 | — | 0.01 | Nov 26, 2018 | Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | |||
| CVE-2018-13323 | 0.00 | — | 0.01 | Nov 26, 2018 | Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. |
- CVE-2018-13320Nov 26, 2018risk 0.01cvss —epss 0.03
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
- CVE-2018-13318Nov 26, 2018risk 0.01cvss —epss 0.03
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
- CVE-2018-13319Nov 26, 2018risk 0.00cvss —epss 0.01
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
- CVE-2018-13324Nov 26, 2018risk 0.00cvss —epss 0.23
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
- CVE-2018-13321Nov 26, 2018risk 0.00cvss —epss 0.01
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
- CVE-2018-13322Nov 26, 2018risk 0.00cvss —epss 0.01
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
- CVE-2018-13323Nov 26, 2018risk 0.00cvss —epss 0.01
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.