Vulnerabilities > Buffalo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2023-49038 | OS Command Injection vulnerability in Buffalo Ls210D Firmware 1.780.03 Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root. | 7.2 |
| 2024-01-11 | CVE-2023-51073 | Unspecified vulnerability in Buffalo Ls210D Firmware 1.780.03 An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. | 8.1 |
| 2023-12-26 | CVE-2023-46681 | Argument Injection or Modification vulnerability in Buffalo Vr-S1000 Firmware Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. | 7.8 |
| 2023-09-08 | CVE-2023-39620 | Unspecified vulnerability in Buffalo Terastation NAS 5410R Firmware 5.000.07 An Issue in Buffalo America, Inc. | 7.5 |
| 2022-12-19 | CVE-2022-43443 | OS Command Injection vulnerability in Buffalo products OS command injection vulnerability in Buffalo network devices allows an network-adjacent attacker to execute an arbitrary OS command if a specially crafted request is sent to the management page. | 8.8 |
| 2022-12-07 | CVE-2022-40966 | Improper Authentication vulnerability in Buffalo products Authentication bypass vulnerability in multiple Buffalo network devices allows a network-adjacent attacker to bypass authentication and access the device. | 8.8 |
| 2021-06-09 | CVE-2021-20731 | OS Command Injection vulnerability in Buffalo Wsr-1166Dhp3 Firmware and Wsr-1166Dhp4 Firmware WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | 8.3 |
| 2021-04-28 | CVE-2021-3512 | Unspecified vulnerability in Buffalo products Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. low complexity buffalo | 8.3 |
| 2018-11-26 | CVE-2018-13324 | Incorrect Authorization vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | 7.5 |
| 2018-04-09 | CVE-2018-0556 | OS Command Injection vulnerability in Buffalo Wzr-1750Dhp2 Firmware Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | 8.3 |