Vulnerabilities (CVE)

Filtered by vendor Buffalo Subscribe
Filtered by product Ts5600d1206
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13324 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVE-2018-13323 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVE-2018-13322 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
CVE-2018-13321 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 6.5 MEDIUM 8.8 HIGH
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
CVE-2018-13320 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 6.5 MEDIUM 7.2 HIGH
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
CVE-2018-13319 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 5.0 MEDIUM 7.5 HIGH
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVE-2018-13318 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2024-11-21 6.5 MEDIUM 7.2 HIGH
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.