CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

EUVD-2025-209534

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

CVE-2025-66954

The CVE-2025-66954 entry concerns Buffalo LinkStation v1.85-0.01 where unauthenticated or guest users can enumerate valid usernames and their privilege roles by modifying a parameter in requests to /nasapi. This is the concrete vulnerability described across the CVE and EUVD records; no exploitat...

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

PT-2026-33792

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

Buffalo LinkStation 安全漏洞

The Buffalo LinkStation is a home-use and small-office NAS device from the Japanese company Buffalo. There is a security vulnerability in the Buffalo LinkStation 1.85-0.01 version. This vulnerability stems from modifying the parameters in the /nasapi endpoint requests, which may lead to unvalidat...

CVE-2025-66954

A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint...

Buffalo TS5600D1206 Access Control Error Vulnerability (CNVD-2019-00678)

The Buffalo TS5600D1206 is a network storage device from the Buffalo Group of Japan. An access control error vulnerability exists in the nasapi in the Buffalo TS5600D1206 version 3.61-0.10, which can be exploited by an attacker to call a dangerous internal function with the 'method' parameter...

CVE-2018-13324

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header...

CVE-2018-13321

Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter...

Authentication flaw

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header...

CVE-2018-13324

Buffalo TS5600D1206 NAS firmware (version 3.61-0.10) contains an authentication bypass in nasapi. The root cause is improper access control that allows an attacker to bypass login by sending a modified HTTP Host header. Public references in the connected documents corroborate this vulnerability a...

CVE-2018-13324

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header...

CVE-2018-13321

CVE-2018-13321 affects Buffalo TS5600D1206 NAS devices (nasapi) with version 3.61-0.10. Root cause: incorrect access controls that let an attacker invoke dangerous internal functions via the method parameter. Documented impact indicates high severity (CVSS3: 8.8; confidentiality, integrity, and a...

CVE-2018-13321

Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter...