CVE-2023-24464

Published: Apr 11, 2023Modified: Feb 11, 2025

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

Affected (7)

Products: Buffalo: Bs Gs2008 Firmware, Bs Gs2016 Firmware, Bs Gs2024 Firmware, Bs Gs2048 Firmware, Bs Gs2008p Firmware, Bs Gs2016p Firmware, Bs Gs2024p Firmware

7 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2008 Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2008	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2016 Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2016	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2024 Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2024	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2048 Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2048	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2008p Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2008p	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2016p Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2016p	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Bs Gs2024p Firmware	Up to 1.0.10.01

Running on/with	Platform Versions
Buffalo Bs Gs2024p	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://jvn.jp/en/vu/JVNVU96824262/

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

https://www.buffalo.jp/news/detail/20230310-01.html

Source: vultures@jpcert.or.jp

PatchVendor Advisory

https://jvn.jp/en/vu/JVNVU96824262/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://www.buffalo.jp/news/detail/20230310-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.