CVE-2025-61871

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

CVE-2025-61871

NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

Buffalo NAS Navigator2 代码问题漏洞

Buffalo NAS Navigator2 is a network storage device management tool from Buffalo Japan. A code issue vulnerability exists in Buffalo NAS Navigator2 versions prior to 3.12.0 that stems from a Windows service registering unquoted file paths, which could lead to the execution of arbitrary code by a...

Buffalo NAS Remote Shutdown

The Buffalo NAS device includes a web interface located at its IP address. A shutdown of the device can be initiated without confirmation by loading the endpoint /shutdown.html on this address. This shutdown powers off the device, requiring physical access to restart. The shutdown webpage has no...

Buffalo NAS Login Utility

This module simply attempts to login to a Buffalo NAS instance using a specific username and password. It has been confirmed to work on version 1.68 This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require...