Vulnerabilities > Buffalo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2023-49038 | OS Command Injection vulnerability in Buffalo Ls210D Firmware 1.780.03 Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. | 7.2 |
| 2024-01-11 | CVE-2023-51073 | Unspecified vulnerability in Buffalo Ls210D Firmware 1.780.03 An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | 8.1 |
| 2023-12-26 | CVE-2023-46681 | Argument Injection or Modification vulnerability in Buffalo Vr-S1000 Firmware Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. | 7.8 |
| 2023-09-08 | CVE-2023-39620 | Unspecified vulnerability in Buffalo Terastation NAS 5410R Firmware 5.000.07 An Issue in Buffalo America, Inc. | 7.5 |
| 2023-04-11 | CVE-2023-24544 | Unspecified vulnerability in Buffalo products Improper access control vulnerability in Buffalo network devices allows a network-adjacent attacker to obtain specific files of the product. low complexity buffalo | 8.1 |
| 2023-04-11 | CVE-2023-26588 | Exposure of Resource to Wrong Sphere vulnerability in Buffalo products Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. | 7.5 |
| 2022-12-19 | CVE-2022-43443 | OS Command Injection vulnerability in Buffalo products OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | 8.8 |
| 2022-12-07 | CVE-2022-40966 | Improper Authentication vulnerability in Buffalo products Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. | 8.8 |
| 2021-06-09 | CVE-2021-20731 | OS Command Injection vulnerability in Buffalo Wsr-1166Dhp3 Firmware and Wsr-1166Dhp4 Firmware WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.8 |
| 2021-04-29 | CVE-2021-20091 | Unspecified vulnerability in Buffalo products The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. | 8.8 |