Vendor CVEs
Buffalotech
All CVEs
78 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-46711 | 0.00 | — | 0.00 | Dec 26, 2023 | VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | |||
| CVE-2023-46681 | 0.00 | — | 0.00 | Dec 26, 2023 | Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command. | |||
| CVE-2023-45741 | 0.00 | — | 0.00 | Dec 26, 2023 | VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands. | |||
| CVE-2023-39620 | 0.00 | — | 0.01 | Sep 8, 2023 | An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | |||
| CVE-2023-24544 | 0.00 | — | 0.00 | Apr 11, 2023 | Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03… | |||
| CVE-2023-24464 | 0.00 | — | 0.00 | Apr 11, 2023 | Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008… | |||
| CVE-2023-26588 | 0.00 | — | 0.01 | Apr 11, 2023 | Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and… | |||
| CVE-2022-43466 | 0.00 | — | 0.01 | Dec 19, 2022 | OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program. | |||
| CVE-2022-43443 | 0.00 | — | 0.01 | Dec 19, 2022 | OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | |||
| CVE-2022-43486 | 0.00 | — | 0.00 | Dec 19, 2022 | Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices. | |||
| CVE-2022-34840 | 0.00 | — | 0.00 | Dec 7, 2022 | Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00… | |||
| CVE-2022-40966 | 0.00 | — | 0.00 | Dec 7, 2022 | Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and… | |||
| CVE-2022-39044 | 0.00 | — | 0.00 | Dec 7, 2022 | Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N… | |||
| CVE-2021-20731 | 0.00 | — | 0.01 | Jun 9, 2021 | WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | |||
| CVE-2021-20730 | 0.00 | — | 0.00 | Jun 9, 2021 | Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors. | |||
| CVE-2021-3512 | 0.00 | — | 0.01 | Apr 28, 2021 | Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N… | |||
| CVE-2021-3511 | 0.00 | — | 0.01 | Apr 28, 2021 | Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300… | |||
| CVE-2021-20716 | 0.00 | — | 0.03 | Apr 28, 2021 | Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and… | |||
| CVE-2020-5606 | 0.00 | — | 0.01 | Sep 18, 2020 | Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | |||
| CVE-2020-5605 | 0.00 | — | 0.01 | Sep 18, 2020 | Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | |||
| CVE-2018-13323 | 0.00 | — | 0.01 | Nov 26, 2018 | Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | |||
| CVE-2018-13322 | 0.00 | — | 0.01 | Nov 26, 2018 | Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | |||
| CVE-2018-13321 | 0.00 | — | 0.01 | Nov 26, 2018 | Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | |||
| CVE-2018-13324 | 0.00 | — | 0.23 | Nov 26, 2018 | Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | |||
| CVE-2018-13319 | 0.00 | — | 0.01 | Nov 26, 2018 | Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | |||
| CVE-2014-9284 | 0.00 | — | 0.01 | Jun 9, 2015 | The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS… | |||
| CVE-2011-1324 | 0.00 | — | 0.00 | May 9, 2011 | Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of… | |||
| CVE-2007-4822 | 0.00 | — | 0.01 | Sep 11, 2007 | Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter… |
- CVE-2023-46711Dec 26, 2023risk 0.00cvss —epss 0.00
VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
- CVE-2023-46681Dec 26, 2023risk 0.00cvss —epss 0.00
Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. 2.37 and earlier allows an authenticated attacker who can access to the product's command line interface to execute an arbitrary command.
- CVE-2023-45741Dec 26, 2023risk 0.00cvss —epss 0.00
VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.
- CVE-2023-39620Sep 8, 2023risk 0.00cvss —epss 0.01
An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.
- CVE-2023-24544Apr 11, 2023risk 0.00cvss —epss 0.00
Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. As a result, the product settings may be altered. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03…
- CVE-2023-24464Apr 11, 2023risk 0.00cvss —epss 0.00
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008…
- CVE-2023-26588Apr 11, 2023risk 0.00cvss —epss 0.01
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and…
- CVE-2022-43466Dec 19, 2022risk 0.00cvss —epss 0.01
OS command injection vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command if a specially crafted request is sent to a specific CGI program.
- CVE-2022-43443Dec 19, 2022risk 0.00cvss —epss 0.01
OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page.
- CVE-2022-43486Dec 19, 2022risk 0.00cvss —epss 0.00
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices.
- CVE-2022-34840Dec 7, 2022risk 0.00cvss —epss 0.00
Use of hard-coded credentials vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to alter?configuration settings of the device. The affected products/versions are as follows: WZR-300HP firmware Ver. 2.00 and earlier, WZR-450HP firmware Ver. 2.00…
- CVE-2022-40966Dec 7, 2022risk 0.00cvss —epss 0.00
Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N firmware Ver. 2.00 and…
- CVE-2022-39044Dec 7, 2022risk 0.00cvss —epss 0.00
Hidden functionality vulnerability in multiple Buffalo network devices allows a network-adjacent attacker with an administrative privilege to execute an arbitrary OS command. The affected products/versions are as follows: WCR-300 firmware Ver. 1.87 and earlier, WHR-HP-G300N…
- CVE-2021-20731Jun 9, 2021risk 0.00cvss —epss 0.01
WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors.
- CVE-2021-20730Jun 9, 2021risk 0.00cvss —epss 0.00
Improper access control vulnerability in WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allows an attacker to obtain configuration information via unspecified vectors.
- CVE-2021-3512Apr 28, 2021risk 0.00cvss —epss 0.01
Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N…
- CVE-2021-3511Apr 28, 2021risk 0.00cvss —epss 0.01
Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300…
- CVE-2021-20716Apr 28, 2021risk 0.00cvss —epss 0.03
Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and…
- CVE-2020-5606Sep 18, 2020risk 0.00cvss —epss 0.01
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
- CVE-2020-5605Sep 18, 2020risk 0.00cvss —epss 0.01
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
- CVE-2018-13323Nov 26, 2018risk 0.00cvss —epss 0.01
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
- CVE-2018-13322Nov 26, 2018risk 0.00cvss —epss 0.01
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
- CVE-2018-13321Nov 26, 2018risk 0.00cvss —epss 0.01
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
- CVE-2018-13324Nov 26, 2018risk 0.00cvss —epss 0.23
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
- CVE-2018-13319Nov 26, 2018risk 0.00cvss —epss 0.01
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
- CVE-2014-9284Jun 9, 2015risk 0.00cvss —epss 0.01
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS…
- CVE-2011-1324May 9, 2011risk 0.00cvss —epss 0.00
Multiple cross-site request forgery (CSRF) vulnerabilities in the management screen on Buffalo WHR, WZR2, WZR, WER, and BBR series routers with firmware 1.x; BHR-4RV and FS-G54 routers with firmware 2.x; and AS-100 routers allow remote attackers to hijack the authentication of…
- CVE-2007-4822Sep 11, 2007risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the res parameter with an inp req parameter…
Page 2 of 2