Description
Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.
Published: 2026-03-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Password Hash Disclosure
Action: Update Firmware
AI Analysis

Impact

The vulnerability is an excessive file permissions flaw (CWE-732) in the Buffalo TeraStation NAS TS5400R firmware. An authenticated user can upload a PHP file through the web interface and have the webserver execute it; because /etc/shadow is world-readable, that script can read the file with nothing more than the webserver's own privileges. The result discloses the password hashes of every configured account, including root, which can then be cracked offline, so the confidentiality of the device's credentials is compromised even though no privilege escalation on the device takes place.

Affected Systems

Affected products are Buffalo TeraStation NAS TS5400R units running firmware 4.02-0.06 or earlier. The record lists no fixed version; whether a later firmware release corrects the /etc/shadow permissions is not stated, so treat every release up to 4.02-0.06 as vulnerable and verify the file mode after any upgrade.

Risk and Exploitability

The CVSS v4.0 base score is 6.9 (Medium), vector CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N: reachable over the network, no user interaction, high impact on confidentiality only, but high privileges required. A CVSS v3.1 score of 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) was added later. EPSS is below 1%, the CVE is not in the CISA KEV catalog, and the SSVC assessment records Exploitation: none, Automatable: no, Technical Impact: partial. Exploitation requires a privileged account on the device's web interface; once logged in, an attacker uploads a PHP script, triggers it through the webserver, and reads the world-readable /etc/shadow without any further privilege escalation. The need for valid privileged credentials confines the realistic threat to insiders and to attackers who have already obtained NAS credentials, but a TeraStation whose web interface is exposed beyond the local network widens that surface.

Generated by OpenCVE AI on March 16, 2026 at 22:53 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest available firmware that removes the excessive file permissions flaw.
  • Restrict the web interface to trusted users and disable or remove the ability to upload PHP files.
  • Verify that /etc/shadow and other sensitive files have appropriate ownership and permissions and are not world-readable.
  • Implement strong authentication and enforce least privilege for local accounts.
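The third recommendation above is the one a practitioner can check directly. The following POSIX shell script, added here as an example and not part of the advisory or of Buffalo's firmware, audits the credential files for a world-readable bit and strips the "other" bits where found. It can be pointed at "/" on a live device with shell access or at an extracted firmware root filesystem; the list of files, the choice to change only the mode (not ownership), and the demonstration files it creates are assumptions, not facts from the advisory.

```shell
#!/bin/sh
# Added audit script (assumed helper, not Buffalo's code). ROOT is "/" on a
# live system or the path of an extracted firmware root filesystem.

# Files that should never carry the other-read bit. The list is an
# assumption covering the usual Linux credential files and their backups.
SENSITIVE_FILES="etc/shadow etc/gshadow etc/shadow- etc/gshadow-"

# Print the symbolic mode of a file, e.g. -rw-r--r-- (uses ls for portability).
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# audit_shadow_perms ROOT
# Prints one line per world-readable sensitive file under ROOT.
# Returns 0 when nothing is world-readable, 1 otherwise.
audit_shadow_perms() {
    root="${1:-/}"
    bad=0
    for rel in $SENSITIVE_FILES; do
        f="${root%/}/$rel"
        [ -f "$f" ] || continue          # backup copies may not exist
        # POSIX find: -perm -004 matches only when the other-read bit is set
        if [ -n "$(find "$f" -perm -004 -print 2>/dev/null)" ]; then
            printf 'WORLD-READABLE: %s (%s)\n' "$f" "$(file_mode "$f")"
            bad=1
        fi
    done
    return "$bad"
}

# harden_shadow_perms ROOT
# Removes all "other" permission bits from the sensitive files. Ownership is
# deliberately left alone: the group owning shadow differs between
# distributions, and the advisory does not say which user the NAS webserver
# runs as, so changing the owner blindly could break local tools.
harden_shadow_perms() {
    root="${1:-/}"
    for rel in $SENSITIVE_FILES; do
        f="${root%/}/$rel"
        [ -f "$f" ] && chmod o-rwx "$f"
    done
    return 0
}

# Demonstration on a constructed fake root (not a real device image):
# etc/shadow gets the world-readable mode the advisory describes, etc/gshadow
# gets a sane mode, so only shadow should be reported.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/etc"
printf 'root:$6$placeholderhash:20000:0:99999:7:::\n' > "$demo_root/etc/shadow"
chmod 0644 "$demo_root/etc/shadow"
: > "$demo_root/etc/gshadow"
chmod 0640 "$demo_root/etc/gshadow"

echo "Before hardening:"
audit_shadow_perms "$demo_root" || echo "audit FAILED: fix the modes above"
harden_shadow_perms "$demo_root"
echo "After hardening:"
audit_shadow_perms "$demo_root" && echo "audit passed"
rm -rf "$demo_root"
```

On the device itself the check belongs in a post-upgrade step as well, since the advisory gives no fixed version: run the audit after flashing new firmware and again after any factory reset, because a reset can restore the shipped permissions.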

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 15:45:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}

Tue, 17 Mar 2026 10:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Buffalo; Buffalo terastation Nas Ts5400r
Vendors & Products | | Buffalo; Buffalo terastation Nas Ts5400r

Mon, 16 Mar 2026 20:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 19:30:00 +0000

Type | Values Removed | Values Added
Description | | Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.
Title | | Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure
Weaknesses | | CWE-732
References | |
Metrics | | cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-17T15:28:01.152Z

Reserved: 2026-03-04T15:39:26.872Z

Link: CVE-2026-29516

Vulnrichment

Updated: 2026-03-16T20:08:33.673Z

NVD

Status : Awaiting Analysis

Published: 2026-03-16T20:16:18.113

Modified: 2026-03-17T16:16:21.760

Link: CVE-2026-29516

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:49:55Z

Weaknesses