Vulnerabilities > Buffalo

DATE | CVE | VULNERABILITY TITLE | RISK

2021-04-28 | CVE-2021-20716 | Unspecified vulnerability in Buffalo products
Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.
Risk: network, low complexity, buffalo, critical, 10.0

2020-09-18 | CVE-2020-5606 | Cross-site Scripting vulnerability in Buffalo Airstation Whr-G54S Firmware
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
Risk: network, buffalo, CWE-79, 4.3

2020-09-18 | CVE-2020-5605 | Path Traversal vulnerability in Buffalo Airstation Whr-G54S Firmware
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
Risk: network, low complexity, buffalo, CWE-22, 4.0

2019-05-02 | CVE-2018-16961 | Path Traversal vulnerability in Buffalo Open Xdmod 7.5.0
An issue was discovered in Open XDMoD through 7.5.0.
Risk: network, low complexity, buffalo, CWE-22, 5.0

2019-05-02 | CVE-2018-16960 | Cross-site Scripting vulnerability in Buffalo Open Xdmod 7.5.0
An issue was discovered in Open XDMoD through 7.5.0.
Risk: network, buffalo, CWE-79, 4.3

2018-11-26 | CVE-2018-13324 | Incorrect Authorization vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
Risk: network, low complexity, buffalo, CWE-863, 7.5

2018-11-26 | CVE-2018-13323 | Cross-site Scripting vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
Risk: network, buffalo, CWE-79, 4.3

2018-11-26 | CVE-2018-13322 | Path Traversal vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
Risk: network, low complexity, buffalo, CWE-22, 4.0

2018-11-26 | CVE-2018-13321 | Incorrect Permission Assignment for Critical Resource vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
Risk: network, low complexity, buffalo, CWE-732, 6.5

2018-11-26 | CVE-2018-13320 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
Risk: network, low complexity, buffalo, CWE-78, 6.5