CVE-2018-13319

Published: Nov 26, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.

Affected (1)

Products: Buffalo: Ts5600d1206 Firmware

Buffalo

1 product

Ts5600d1206 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Ts5600d1206 Firmware	Version 3.61-0.10

Running on/with	Platform Versions
Buffalo Ts5600d1206	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d

Source: cve@mitre.org

ExploitThird Party Advisory

https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.