Buffalo CVE - OpenCVE

Filtered by vendor Buffalo Subscribe

Total 49 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2021-20716	1 Buffalo	70 Bhr-4rv, Bhr-4rv Firmware, Fs-g54 and 67 more	2024-11-21	10.0 HIGH	9.8 CRITICAL
Hidden functionality in multiple Buffalo network devices (BHR-4RV firmware Ver.2.55 and prior, FS-G54 firmware Ver.2.04 and prior, WBR2-B11 firmware Ver.2.32 and prior, WBR2-G54 firmware Ver.2.32 and prior, WBR2-G54-KD firmware Ver.2.32 and prior, WBR-B11 firmware Ver.2.23 and prior, WBR-G54 firmware Ver.2.23 and prior, WBR-G54L firmware Ver.2.20 and prior, WHR2-A54G54 firmware Ver.2.25 and prior, WHR2-G54 firmware Ver.2.23 and prior, WHR2-G54V firmware Ver.2.55 and prior, WHR3-AG54 firmware Ver.2.23 and prior, WHR-G54 firmware Ver.2.16 and prior, WHR-G54-NF firmware Ver.2.10 and prior, WLA2-G54 firmware Ver.2.24 and prior, WLA2-G54C firmware Ver.2.24 and prior, WLA-B11 firmware Ver.2.20 and prior, WLA-G54 firmware Ver.2.20 and prior, WLA-G54C firmware Ver.2.20 and prior, WLAH-A54G54 firmware Ver.2.54 and prior, WLAH-AM54G54 firmware Ver.2.54 and prior, WLAH-G54 firmware Ver.2.54 and prior, WLI2-TX1-AG54 firmware Ver.2.53 and prior, WLI2-TX1-AMG54 firmware Ver.2.53 and prior, WLI2-TX1-G54 firmware Ver.2.20 and prior, WLI3-TX1-AMG54 firmware Ver.2.53 and prior, WLI3-TX1-G54 firmware Ver.2.53 and prior, WLI-T1-B11 firmware Ver.2.20 and prior, WLI-TX1-G54 firmware Ver.2.20 and prior, WVR-G54-NF firmware Ver.2.02 and prior, WZR-G108 firmware Ver.2.41 and prior, WZR-G54 firmware Ver.2.41 and prior, WZR-HP-G54 firmware Ver.2.41 and prior, WZR-RS-G54 firmware Ver.2.55 and prior, and WZR-RS-G54HP firmware Ver.2.55 and prior) allows a remote attacker to enable the debug option and to execute arbitrary code or OS commands, change the configuration, and cause a denial of service (DoS) condition.
CVE-2021-20092	1 Buffalo	4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more	2024-11-21	5.0 MEDIUM	7.5 HIGH
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
CVE-2021-20091	1 Buffalo	4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more	2024-11-21	6.5 MEDIUM	8.8 HIGH
The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
CVE-2021-20090	1 Buffalo	4 Wsr-2533dhp3-bk, Wsr-2533dhp3-bk Firmware, Wsr-2533dhpl2-bk and 1 more	2024-11-21	7.5 HIGH	9.8 CRITICAL
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
CVE-2020-5606	1 Buffalo	2 Airstation Whr-g54s, Airstation Whr-g54s Firmware	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.
CVE-2020-5605	1 Buffalo	2 Airstation Whr-g54s, Airstation Whr-g54s Firmware	2024-11-21	4.0 MEDIUM	4.3 MEDIUM
Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.
CVE-2018-16961	1 Buffalo	1 Open Xdmod	2024-11-21	5.0 MEDIUM	7.5 HIGH
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
CVE-2018-16960	1 Buffalo	1 Open Xdmod	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
CVE-2018-13324	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	7.5 HIGH	9.8 CRITICAL
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVE-2018-13323	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVE-2018-13322	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	4.0 MEDIUM	6.5 MEDIUM
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
CVE-2018-13321	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	6.5 MEDIUM	8.8 HIGH
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
CVE-2018-13320	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	6.5 MEDIUM	7.2 HIGH
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
CVE-2018-13319	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	5.0 MEDIUM	7.5 HIGH
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVE-2018-13318	1 Buffalo	2 Ts5600d1206, Ts5600d1206 Firmware	2024-11-21	6.5 MEDIUM	7.2 HIGH
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
CVE-2018-0556	1 Buffalo	2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware	2024-11-21	8.3 HIGH	8.8 HIGH
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0555	1 Buffalo	2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware	2024-11-21	9.3 HIGH	7.8 HIGH
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
CVE-2018-0554	1 Buffalo	2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware	2024-11-21	8.3 HIGH	8.8 HIGH
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
CVE-2018-0523	1 Buffalo	2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware	2024-11-21	8.3 HIGH	8.8 HIGH
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0522	1 Buffalo	2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware	2024-11-21	6.8 MEDIUM	7.8 HIGH
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file.

Vulnerabilities (CVE)