cbcvebase.

Buffalo Ts5600D1206 Firmware vulnerabilities

7 known vulnerabilities affecting buffalo/ts5600d1206_firmware.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2018-13324P2CRITICALCVSS 9.8v3.61-0.102018-11-26
CVE-2018-13324 [CRITICAL] CWE-863 CVE-2018-13324: Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypa Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
nvd
CVE-2018-13321P3HIGHCVSS 8.8v3.61-0.102018-11-26
CVE-2018-13321 [HIGH] CWE-732 CVE-2018-13321: Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
nvd
CVE-2018-13320P3HIGHCVSS 7.2v3.61-0.102018-11-26
CVE-2018-13320 [HIGH] CWE-78 CVE-2018-13320: System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allow System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
nvd
CVE-2018-13318P3HIGHCVSS 7.2v3.61-0.102018-11-26
CVE-2018-13318 [HIGH] CWE-78 CVE-2018-13318: System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attac System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
nvd
CVE-2018-13319P3HIGHCVSS 7.5v3.61-0.102018-11-26
CVE-2018-13319 [HIGH] CWE-200 CVE-2018-13319: Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attacker Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
nvd
CVE-2018-13322P3MEDIUMCVSS 6.5v3.61-0.102018-11-26
CVE-2018-13322 [MEDIUM] CWE-22 CVE-2018-13322: Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
nvd
CVE-2018-13323P4MEDIUMCVSS 6.1v3.61-0.102018-11-26
CVE-2018-13323 [MEDIUM] CWE-79 CVE-2018-13323: Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to exe Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
nvd
Buffalo Ts5600D1206 Firmware vulnerabilities | cvebase