VYPR

Vendor CVEs

Buffalotech

All CVEs

78 total · sorted by risk
  • CVE-2023-46711Dec 26, 2023
    risk 0.00cvss epss 0.00

    VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.

  • CVE-2023-46681Dec 26, 2023
    risk 0.00cvss epss 0.00

    Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command.

  • CVE-2023-45741Dec 26, 2023
    risk 0.00cvss epss 0.00

    VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.

  • CVE-2023-39620Sep 8, 2023
    risk 0.00cvss epss 0.01

    An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.

  • CVE-2023-24544Apr 11, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03…

  • CVE-2023-24464Apr 11, 2023
    risk 0.00cvss epss 0.00

    Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008…

  • CVE-2023-26588Apr 11, 2023
    risk 0.00cvss epss 0.01

    Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and…

  • CVE-2022-43466Dec 19, 2022
    risk 0.00cvss epss 0.01

    OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.

  • CVE-2022-43443Dec 19, 2022
    risk 0.00cvss epss 0.01

    OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.

  • CVE-2022-43486Dec 19, 2022
    risk 0.00cvss epss 0.00

    Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.

  • CVE-2022-34840Dec 7, 2022
    risk 0.00cvss epss 0.00

    Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00…

  • CVE-2022-40966Dec 7, 2022
    risk 0.00cvss epss 0.00

    Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and…

  • CVE-2022-39044Dec 7, 2022
    risk 0.00cvss epss 0.00

    Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N…

  • CVE-2021-20731Jun 9, 2021
    risk 0.00cvss epss 0.01

    WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.

  • CVE-2021-20730Jun 9, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.

  • CVE-2021-3512Apr 28, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N…

  • CVE-2021-3511Apr 28, 2021
    risk 0.00cvss epss 0.01

    Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300…

  • CVE-2021-20716Apr 28, 2021
    risk 0.00cvss epss 0.03

    Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and…

  • CVE-2020-5606Sep 18, 2020
    risk 0.00cvss epss 0.01

    Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.

  • CVE-2020-5605Sep 18, 2020
    risk 0.00cvss epss 0.01

    Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.

  • CVE-2018-13323Nov 26, 2018
    risk 0.00cvss epss 0.01

    Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.

  • CVE-2018-13322Nov 26, 2018
    risk 0.00cvss epss 0.01

    Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.

  • CVE-2018-13321Nov 26, 2018
    risk 0.00cvss epss 0.01

    Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.

  • CVE-2018-13324Nov 26, 2018
    risk 0.00cvss epss 0.23

    Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.

  • CVE-2018-13319Nov 26, 2018
    risk 0.00cvss epss 0.01

    Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.

  • CVE-2014-9284Jun 9, 2015
    risk 0.00cvss epss 0.01

    The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS…

  • CVE-2011-1324May 9, 2011
    risk 0.00cvss epss 0.00

    Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of…

  • CVE-2007-4822Sep 11, 2007
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter…

Page 2 of 2