Vulnerabilities > Buffalo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-18 | CVE-2020-5606 | Cross-site Scripting vulnerability in Buffalo Airstation Whr-G54S Firmware 1.43 Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page. | 6.1 |
| 2020-09-18 | CVE-2020-5605 | Path Traversal vulnerability in Buffalo Airstation Whr-G54S Firmware 1.43 Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | 4.3 |
| 2019-05-02 | CVE-2018-16960 | Cross-site Scripting vulnerability in Buffalo Open Xdmod 7.5.0 An issue was discovered in Open XDMoD through 7.5.0. | 6.1 |
| 2018-11-26 | CVE-2018-13323 | Cross-site Scripting vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | 6.1 |
| 2018-11-26 | CVE-2018-13322 | Path Traversal vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | 6.5 |
| 2017-12-08 | CVE-2017-10897 | Improper Input Validation vulnerability in Buffalo Bbr-4Hg Firmware and Bbr-4Mg Firmware Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. | 4.5 |
| 2017-12-08 | CVE-2017-10896 | Cross-site Scripting vulnerability in Buffalo Bbr-4Hg Firmware and Bbr-4Mg Firmware Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-08-18 | CVE-2017-10811 | OS Command Injection vulnerability in Buffalo Wcr-1166Ds Firmware 1.30 Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | 6.8 |
| 2017-07-22 | CVE-2017-2274 | Cross-site Scripting vulnerability in Buffalo Wmr-433 Firmware and Wmr-433W Firmware Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-06-19 | CVE-2016-4816 | Information Exposure vulnerability in Buffalo products BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | 6.5 |