CVE-2023-39620

An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:terastation_nas_5410r_firmware:5.00-0.07:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:terastation_nas_5410r:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:15

Type Values Removed Values Added
References () https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration. - Broken Link () https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration. - Broken Link

26 Sep 2024, 18:35

Type Values Removed Values Added
CWE CWE-200

12 Sep 2023, 00:10

Type Values Removed Values Added
CPE cpe:2.3:o:buffalo:terastation_nas_5410r_firmware:5.00-0.07:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:terastation_nas_5410r:-:*:*:*:*:*:*:*
References
  • (MISC) https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration - Exploit
References (MISC) https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration. - (MISC) https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration. - Broken Link
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE NVD-CWE-noinfo
First Time Buffalo terastation Nas 5410r Firmware
Buffalo terastation Nas 5410r
Buffalo

08 Sep 2023, 03:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-09-08 03:15

Updated : 2024-11-21 08:15


NVD link : CVE-2023-39620

Mitre link : CVE-2023-39620

CVE.ORG link : CVE-2023-39620


JSON object : View

Products Affected

buffalo

  • terastation_nas_5410r
  • terastation_nas_5410r_firmware
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor