Ts5600d1206 Firmware Security Vulnerabilities and Issues — Ts5600d1206 Firmware CVE List

Lucene search

BuffaloTs5600d1206 Firmware

7 matches found

CVE•added 2018/11/26 11:29 p.m.•38 views

CVE-2018-13320

System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.

7.2CVSS7.8AI score0.09959EPSS

CVE•added 2018/11/26 11:29 p.m.•36 views

CVE-2018-13319

Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.

7.5CVSS7.4AI score0.00644EPSS

CVE•added 2018/11/26 11:29 p.m.•33 views

CVE-2018-13321

Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.

8.8CVSS8.6AI score0.00377EPSS

CVE•added 2018/11/26 11:29 p.m.•33 views

CVE-2018-13324

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.

9.8CVSS9.4AI score0.00334EPSS

CVE•added 2018/11/26 11:29 p.m.•31 views

CVE-2018-13322

Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.

6.5CVSS6.4AI score0.00372EPSS

CVE•added 2018/11/26 11:29 p.m.•28 views

CVE-2018-13318

System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.

7.2CVSS7.8AI score0.09959EPSS

CVE•added 2018/11/26 11:29 p.m.•27 views

CVE-2018-13323

Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.

6.1CVSS6.2AI score0.0024EPSS