Lucene search

[email protected]CVE-2023-24464

HistoryApr 11, 2023 - 9:15 a.m.

CVE-2023-24464

2023-04-1109:15:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-24464

cross-site scripting

buffalo

network devices

web management console

security vulnerability

remote attackers

javascript execution

nvd

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user’s web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

Affected configurations

Vulners

NVD

Node

buffalobs-gs2008Match1.0.10.01

VendorProductVersionCPE
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*
buffalobs\-gs20081.0.10.01cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*
buffalo	bs\-gs2008	1.0.10.01	cpe:2.3:h:buffalo:bs\-gs2008:1.0.10.01:::::::*

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "BS-GS series",
    "versions": [
      {
        "version": "BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU96824262/

www.buffalo.jp/news/detail/20230310-01.html