Total
7 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-13324 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. | |||||
CVE-2018-13323 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. | |||||
CVE-2018-13322 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. | |||||
CVE-2018-13321 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. | |||||
CVE-2018-13320 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. | |||||
CVE-2018-13319 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. | |||||
CVE-2018-13318 | 1 Buffalo | 2 Ts5600d1206, Ts5600d1206 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. |