CVE-2023-39620

Published: Sep 8, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.

Affected (1)

Products: Buffalo: Terastation Nas 5410r Firmware

Buffalo

1 product

Terastation Nas 5410r Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Buffalo Terastation Nas 5410r Firmware	Version 5.00-0.07

Running on/with	Platform Versions
Buffalo Terastation Nas 5410r	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (3)

https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration.

Source: cve@mitre.org

Broken Link

https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration

Source: nvd@nist.gov

Exploit

https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration.

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.