Lucene search
K

659 matches found

Nuclei
Nuclei
added yesterday108 views

Buffalo WSR-2533DHPL2 - Configuration File Injection

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 does not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially leading to remote code execution. id:...

9.8CVSS7.5AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday78 views

Buffalo WSR-2533DHPL2 - Improper Access Control

The web interfaces of Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 do not properly restrict access to sensitive information from an unauthorized actor. id: CVE-2021-20092 info: name: Buffalo WSR-2533DHPL2 - Improper Access Control author: gy741,pdteam,par...

9.8CVSS7.2AI score0.99983EPSS
Exploits5References5
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.119 views

Buffalo WSR-2533DHPL2 - Path Traversal

Buffalo WSR-2533DHPL2 firmware version = 1.02 and WSR-2533DHP3 firmware version = 1.24 are susceptible to a path traversal vulnerability that could allow unauthenticated remote attackers to bypass authentication in their web interfaces. id: CVE-2021-20090 info: name: Buffalo WSR-2533DHPL2 - Path...

9.8CVSS8.3AI score0.99983EPSS
Exploits5References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.8 views

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

6.5CVSS5.5AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/20 6:31 p.m.5 views

EUVD-2025-209534

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 5:16 p.m.6 views

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

6.5CVSS0.00321EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 12:0 a.m.6 views

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Buffalo LinkStation 安全漏洞

The Buffalo LinkStation is a home-use and small-office NAS device from the Japanese company Buffalo. There is a security vulnerability in the Buffalo LinkStation 1.85-0.01 version. This vulnerability stems from modifying the parameters in the /nasapi endpoint requests, which may lead to unvalidat...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 12:0 a.m.26 views

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

0.00321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33792

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 12:0 a.m.3 views

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

5.8AI score0.00321EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 12:0 a.m.13 views

CVE-2025-66954

The CVE-2025-66954 entry concerns Buffalo LinkStation v1.85-0.01 where unauthenticated or guest users can enumerate valid usernames and their privilege roles by modifying a parameter in requests to /nasapi. This is the concrete vulnerability described across the CVE and EUVD records; no exploitat...

6.5CVSS5.8AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.6 views

CVE-2026-32669

Code injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary code may be executed on the products...

9.8CVSS7.3AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.4 views

CVE-2026-32678

Authentication bypass issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to alter critical configuration settings without authentication...

8.7CVSS7.1AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.5 views

CVE-2026-33366

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication...

6.9CVSS6.1AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.4 views

CVE-2026-33280

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...

9.8CVSS7.3AI score0.00377EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/28 10:51 a.m.4 views

CVE-2026-27650

OS Command Injection vulnerability exists in BUFFALO Wi-Fi router products. If this vulnerability is exploited, an arbitrary OS command may be executed on the products...

9.8CVSS7.3AI score0.00922EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/03/27 8:18 a.m.38 views

Multiple vulnerabilities in BUFFALO Wi-Fi routers

Overview Wi-Fi router products provided by BUFFALO INC. contain multiple vulnerabilities listed below. Dependency on vulnerable third-party component CWE-1395 - This issue is caused by a vulnerability in minihttpd CVE-2015-1548. OS command injection CWE-78 - CVE-2026-27650 Code injection CWE-94 -...

9.8CVSS7.3AI score0.01335EPSS
Exploits1References10
EUVD
EUVD
added 2026/03/27 6:31 a.m.8 views

EUVD-2026-16549

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...

8.6CVSS7.3AI score0.00377EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/27 6:31 a.m.3 views

EUVD-2026-16551

Missing authentication for critical function vulnerability in BUFFALO Wi-Fi router products may allow an attacker to forcibly reboot the product without authentication...

6.9CVSS6.1AI score0.0034EPSS
Exploits0References3
Rows per page
Query Builder