CVEs (7)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header. |
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie. |
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter. |
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. |
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters. |
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request. |
1Buffalo 1Ts5600d1206 Firmware Nov 21, 2024 Nov 26, 2018 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter. |