Vulnerability Details CVE-2023-24464
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-24464
-
cpe:2.3:h:buffalo:bs-gs2008:-
-
cpe:2.3:h:buffalo:bs-gs2008p:-
-
cpe:2.3:h:buffalo:bs-gs2016:-
-
cpe:2.3:h:buffalo:bs-gs2016p:-
-
cpe:2.3:h:buffalo:bs-gs2024:-
-
cpe:2.3:h:buffalo:bs-gs2024p:-
-
cpe:2.3:h:buffalo:bs-gs2048:-
-
cpe:2.3:o:buffalo:bs-gs2008_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2008_firmware:1.0.10.01
-
cpe:2.3:o:buffalo:bs-gs2008p_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2008p_firmware:1.0.10.01
-
cpe:2.3:o:buffalo:bs-gs2016_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2016_firmware:1.0.10.01
-
cpe:2.3:o:buffalo:bs-gs2016p_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2016p_firmware:1.0.10.01
-
cpe:2.3:o:buffalo:bs-gs2024_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2024_firmware:1.0.10.01
-
cpe:2.3:o:buffalo:bs-gs2024p_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2024p_firmware:1.0.10.01
-
cpe:2.3:o:buffalo:bs-gs2048_firmware:-
-
cpe:2.3:o:buffalo:bs-gs2048_firmware:1.0.10.01