Buffalo: >> Ts5600d1206 Firmware Security Vulnerabilities
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
CVSS Score
7.2
EPSS Score
0.1
Published
2018-11-26
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-11-26
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
CVSS Score
7.2
EPSS Score
0.1
Published
2018-11-26
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-11-26
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-11-26
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-26
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-11-26