Vulnerabilities > Buffalo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-18 | CVE-2020-5605 | Path Traversal vulnerability in Buffalo Airstation Whr-G54S Firmware Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors. | 4.0 |
| 2019-05-02 | CVE-2018-16961 | Path Traversal vulnerability in Buffalo Open Xdmod 7.5.0 An issue was discovered in Open XDMoD through 7.5.0. | 5.0 |
| 2019-05-02 | CVE-2018-16960 | Cross-site Scripting vulnerability in Buffalo Open Xdmod 7.5.0 An issue was discovered in Open XDMoD through 7.5.0. | 4.3 |
| 2018-11-26 | CVE-2018-13323 | Cross-site Scripting vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | 4.3 |
| 2018-11-26 | CVE-2018-13322 | Path Traversal vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | 4.0 |
| 2018-11-26 | CVE-2018-13321 | Incorrect Permission Assignment for Critical Resource vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | 6.5 |
| 2018-11-26 | CVE-2018-13320 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | 6.5 |
| 2018-11-26 | CVE-2018-13319 | Information Exposure vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | 5.0 |
| 2018-11-26 | CVE-2018-13318 | OS Command Injection vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10 System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | 6.5 |
| 2018-03-09 | CVE-2018-0522 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Buffalo Wxr-1900Dhp2 Firmware Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file. | 6.8 |