Lucene search

JpcertCVELIST:CVE-2023-24464

HistoryApr 11, 2023 - 12:00 a.m.

CVE-2023-24464

2023-04-1100:00:00

jpcert

www.cve.org

stored-cross-site scripting

buffalo network devices

web management console

arbitrary javascript

bs-gs2008

bs-gs2016

bs-gs2024

bs-gs2048

bs-gs2008p

bs-gs2016p

bs-gs2024p

firmware

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user’s web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "BS-GS series",
    "versions": [
      {
        "version": "BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier",
        "status": "affected"
      }
    ]
  }
]

References

jvn.jp/en/vu/JVNVU96824262/

www.buffalo.jp/news/detail/20230310-01.html