14 matches found
CVE-2025-61871
NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
CVE-2025-61871
NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...
JVN#12824024: BUFFALO wireless LAN routers and wireless LAN repeaters vulnerable to OS command injection
Wireless LAN routers and wireless LAN repeaters provided by BUFFALO INC. contain an OS command injection vulnerability CWE-78. Impact If a user logs in to the management page and sends a specially crafted request to the affected product from the product's specific management page, an arbitrary OS...
JVN#58236836: Multiple vulnerabilities in BUFFALO wireless LAN routers
Multiple wireless LAN routers provided by BUFFALO INC. contain multiple vulnerabilities listed below. Plaintext storage of a password CWE-256 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Base Score 6.5 CVE-2024-23486 OS Command Injection CWE-78 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base...
Buffalo WSR-1166DHP3 and WSR-1166DHP4 Access Control Error Vulnerability
Buffalo WSR-1166DHP3 and WSR-1166DHP4 are routers from BUFFALO INC. An access control error vulnerability exists in Buffalo WSR-1166DHP3 and WSR-1166DHP4, which could be exploited by an attacker to obtain configuration information via unspecified vectors...
JVN#97144273: Multiple vulnerabilities in WXR-1900DHP2
WXR-1900DHP2 provided by BUFFALO INC. is a wireless LAN router. WXR-1900DHP2 contains multiple vulnerabilities listed below. Missing Authentication for Critical Function CWE-306 - CVE-2018-0521 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H| Base Score:...
JVN#05340005: WCR-1166DS vulnerable to OS command injection
WCR-1166DS provided by BUFFALO INC.is a wireless LAN router. WCR-1166DS contains an OS command injection vulnerability CWE-78. Impact A user who can access the administrative console of the device may execute an arbitrary OS command. Solution Update the Firmware Apply the firmware update accordin...
JVN#74871939: WSR-300HP vulnerable to arbitrary code execution
WSR-300HP provided by BUFFALO INC. is a wireless LAN router. WSR-300HP contains an arbitrary code execution vulnerability. Impact By executing a specially crafted request prepared by a remote attacker, arbitrary code may be executed. Solution Update the Firmware Apply the firmware update accordin...
JVN#48413726: Multiple vulnerabilities in multiple Buffalo wireless LAN routers
WMR-433 and WMR-433W provided by BUFFALO INC. are wireless LAN routers. WMR-433 and WMR-433W contain multiple vulnerabilities listed below. Cross-site Request Forgery CWE-352 - CVE-2017-2273 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L| Base Score: 4.3...
JVN#40613060: Multiple vulnerabilities in WNC01WH
WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains multiple vulnerabilities listed below. Denial-of-service DoS - CVE-2016-7821 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H| Base Score: 6.5 CVSS v2| AV:N/AC:H/Au:N/C:N/I:N/A:C| Base...
JVN#81698369: Multiple Buffalo wireless LAN routers vulnerable to directory traversal
Multiple wireless LAN routers provided by BUFFALO INC. contain a directory traversal vulnerability CWE-22. Impact Arbitrary files on the server may be viewed by an attacker who can access the product. Solution Update the Firmware Apply the appropriate firmware update provided by the developer...
JVN#49225722: Multiple Buffalo network devices vulnerable to cross-site scripting
Multiple network devices provided by BUFFALO INC. contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the firmware Update the firmware according to the information provided by the developer. Products Affecte...
JVN#09268287: Multiple Buffalo network devices vulnerable to cross-site request forgery
Multiple network devices provided by BUFFALO INC. contain a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the firmware Update the firmware according to the information provided by...
JVN#50447904: Multiple Buffalo wireless LAN routers vulnerable to OS command injection
Multiple wireless LAN routers provided by BUFFALO INC. contain an OS command injection vulnerability. Impact An authenticated attacker may be able to execute arbitrary OS commands. Solution Update the Firmware Apply the appropriate firmware update provided by the developer. Products Affected...