Lucene search

[email protected]NVD:CVE-2023-49038

HistoryJan 29, 2024 - 9:15 p.m.

CVE-2023-49038

2024-01-2921:15:08

CWE-78

[email protected]

web.nvd.nist.gov

command injection

buffalo ls210d

remote attacker

arbitrary commands

root access} .

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Command injection in the ping utility on Buffalo LS210D 1.78-0.03 allows a remote authenticated attacker to inject arbitrary commands onto the NAS as root.

Affected configurations

Nvd

Node

buffalols210d_firmwareMatch1.78-0.03

AND

buffalols210dMatch-

VendorProductVersionCPE
buffalols210d_firmware1.78-0.03cpe:2.3:o:buffalo:ls210d_firmware:1.78-0.03:*:*:*:*:*:*:*
buffalols210d-cpe:2.3:h:buffalo:ls210d:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
buffalo	ls210d_firmware	1.78-0.03	cpe:2.3:o:buffalo:ls210d_firmware:1.78-0.03:::::::*
buffalo	ls210d	-	cpe:2.3:h:buffalo:ls210d:-:::::::*

References

github.com/christopher-pace/CVE-2023-49038

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

39.3%

JSON

Related for NVD:CVE-2023-49038

prion1 cve1 openvas1 cvelist1