VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN23771490/ | Third Party Advisory |
https://www.buffalo.jp/news/detail/20231225-01.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
04 Jan 2024, 02:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-798 | |
References | () https://jvn.jp/en/jp/JVN23771490/ - Third Party Advisory | |
References | () https://www.buffalo.jp/news/detail/20231225-01.html - Patch, Vendor Advisory | |
CPE | cpe:2.3:h:buffalo:vr-s1000:-:*:*:*:*:*:*:* cpe:2.3:o:buffalo:vr-s1000_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.6 |
First Time |
Buffalo vr-s1000 Firmware
Buffalo Buffalo vr-s1000 |
26 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-26 08:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-46711
Mitre link : CVE-2023-46711
CVE.ORG link : CVE-2023-46711
JSON object : View
Products Affected
buffalo
- vr-s1000
- vr-s1000_firmware
CWE
CWE-798
Use of Hard-coded Credentials