Vulnerabilities > Buffalo
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-26 | CVE-2018-13322 | Path Traversal vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | 6.5 |
| 2018-11-26 | CVE-2018-13321 | Incorrect Permission Assignment for Critical Resource vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | 8.8 |
| 2018-11-26 | CVE-2018-13320 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | 7.2 |
| 2018-11-26 | CVE-2018-13319 | Information Exposure vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | 7.5 |
| 2018-11-26 | CVE-2018-13318 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | 7.2 |
| 2018-04-09 | CVE-2018-0556 | OS Command Injection vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2018-04-09 | CVE-2018-0555 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | 7.8 |
| 2018-04-09 | CVE-2018-0554 | Missing Authentication for Critical Function vulnerability in Buffalo Wzr-1750Dhp2 Firmware 2.28/2.30 Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors. | 8.8 |
| 2018-03-09 | CVE-2018-0523 | OS Command Injection vulnerability in Buffalo Wxr-1900Dhp2 Firmware 2.48 Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.8 |
| 2018-03-09 | CVE-2018-0522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Buffalo Wxr-1900Dhp2 Firmware 2.48 Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | 7.8 |