Vulnerabilities > CVE-2018-13324 - Incorrect Authorization vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

buffalo

CWE-863

critical

NVD

Published: 2018-11-26

Updated: 2019-10-03

Summary

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.

Vulnerable Configurations

Part	Description	Count
OS	Buffalo Buffalo Ts5600D1206 Firmware 3.61-0.10	1
Hardware	Buffalo Buffalo Ts5600D1206 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d