Lucene search

[email protected]NVD:CVE-2023-26588

HistoryApr 11, 2023 - 9:15 a.m.

CVE-2023-26588

2023-04-1109:15:08

CWE-668

[email protected]

web.nvd.nist.gov

buffalo network devices

hard-coded credentials

debug function

vulnerability

affected products

cve-2023-26588

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

Affected configurations

NVD

Node

buffalobs-gsl2024_firmwareRange≤1.10-0.03

AND

buffalobs-gsl2024Match-

Node

buffalobs-gsl2016p_firmwareRange≤1.10-0.03

AND

buffalobs-gsl2016pMatch-

Node

buffalobs-gsl2016_firmwareRange≤1.10-0.03

AND

buffalobs-gsl2016Match-

Node

buffalobs-gs2008_firmwareRange≤1.0.10.01

AND

buffalobs-gs2008Match-

Node

buffalobs-gs2016Match-

AND

buffalobs-gs2016_firmwareRange≤1.0.10.01

Node

buffalobs-gs2024Match-

AND

buffalobs-gs2024_firmwareRange≤1.0.10.01

Node

buffalobs-gs2048Match-

AND

buffalobs-gs2048_firmwareRange≤1.0.10.01

Node

buffalobs-gs2008p_firmwareRange≤1.0.10.01

AND

buffalobs-gs2008pMatch-

Node

buffalobs-gs2016p_firmwareRange≤1.0.10.01

AND

buffalobs-gs2016pMatch-

Node

buffalobs-gs2024p_firmwareRange≤1.0.10.01

AND

buffalobs-gs2024pMatch-

Node

buffalobs-gsl2005_firmwareRange<1.12-0.01

AND

buffalobs-gsl2005Match-

Node

buffalobs-gsl2008_firmwareRange<1.12-0.01

AND

buffalobs-gsl2008Match-

Node

buffalobs-gsl2005pMatch-

AND

buffalobs-gsl2005p_firmwareRange<1.11-0.01

Node

buffalobs-gsl2008pMatch-

AND

buffalobs-gsl2008p_firmwareRange<1.11-0.01

Node

buffalobs-gs2016pMatch-

AND

buffalobs-gs2016p_firmwareRange<1.1.7.01

Node

buffalobs-gs2016hpMatch-

AND

buffalobs-gs2016hp_firmwareRange<1.1.7.01

Node

buffalobs-gs2024pMatch-

AND

buffalobs-gs2024p_firmwareRange<1.1.7.01

Node

buffalobs-gs2024hp_firmwareRange<1.1.7.01

AND

buffalobs-gs2024hpMatch-

References

jvn.jp/en/vu/JVNVU96824262/

www.buffalo.jp/news/detail/20230310-01.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.3%

JSON

Related for NVD:CVE-2023-26588

cvelist1 prion1 cve1