CVE-2023-46711

VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic key which may allow an attacker to analyze the password of a specific product user.
References
Link Resource
https://jvn.jp/en/jp/JVN23771490/ Third Party Advisory
https://www.buffalo.jp/news/detail/20231225-01.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:vr-s1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:vr-s1000:-:*:*:*:*:*:*:*

History

04 Jan 2024, 02:45

Type Values Removed Values Added
CWE CWE-798
References () https://jvn.jp/en/jp/JVN23771490/ - () https://jvn.jp/en/jp/JVN23771490/ - Third Party Advisory
References () https://www.buffalo.jp/news/detail/20231225-01.html - () https://www.buffalo.jp/news/detail/20231225-01.html - Patch, Vendor Advisory
CPE cpe:2.3:h:buffalo:vr-s1000:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:vr-s1000_firmware:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.6
First Time Buffalo vr-s1000 Firmware
Buffalo
Buffalo vr-s1000

26 Dec 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-26 08:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-46711

Mitre link : CVE-2023-46711

CVE.ORG link : CVE-2023-46711


JSON object : View

Products Affected

buffalo

  • vr-s1000
  • vr-s1000_firmware
CWE
CWE-798

Use of Hard-coded Credentials