Ts5600d1206 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (7 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-13324	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVE-2018-13323	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVE-2018-13322	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
CVE-2018-13321	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
CVE-2018-13320	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
CVE-2018-13319	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVE-2018-13318	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	N/A
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.

Page 1 of 1.