Filtered by vendor Buffalo
Subscriptions
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-39620 | 2 Buffalo, Buffalo America Inc | 3 Terastation Nas 5410r, Terastation Nas 5410r Firmware, Terastation Nas Ts5410r | 2024-09-26 | 7.5 High |
| An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function. | ||||
| CVE-2023-46711 | 1 Buffalo | 2 Vr-s1000, Vr-s1000 Firmware | 2024-09-12 | 4.6 Medium |
| VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user. | ||||
| CVE-2016-4816 | 1 Buffalo | 68 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 65 more | 2024-08-06 | N/A |
| BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors. | ||||
| CVE-2016-4815 | 1 Buffalo | 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more | 2024-08-06 | N/A |
| Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2017-10896 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2024-08-05 | N/A |
| Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-10897 | 1 Buffalo | 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more | 2024-08-05 | N/A |
| Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors. | ||||
| CVE-2017-10811 | 1 Buffalo | 2 Wcr-1166ds, Wcr-1166ds Firmware | 2024-08-05 | N/A |
| Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2017-2273 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2024-08-05 | N/A |
| Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | ||||
| CVE-2017-2274 | 1 Buffalo | 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more | 2024-08-05 | N/A |
| Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2017-2126 | 1 Buffalo | 4 Wapm-1166d, Wapm-1166d Firmware, Wapm-apg600h and 1 more | 2024-08-05 | N/A |
| WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors. | ||||
| CVE-2018-16960 | 1 Buffalo | 1 Open Xdmod | 2024-08-05 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter. | ||||
| CVE-2018-16961 | 1 Buffalo | 1 Open Xdmod | 2024-08-05 | N/A |
| An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories. | ||||
| CVE-2018-13322 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | ||||
| CVE-2018-13319 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | ||||
| CVE-2018-13324 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | ||||
| CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | ||||
| CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. | ||||
| CVE-2018-13321 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | ||||
| CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-08-05 | N/A |
| System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | ||||
| CVE-2018-0556 | 1 Buffalo | 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware | 2024-08-05 | N/A |
| Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | ||||