Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Buffalo Subscribe
Total 39 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-16960 1 Buffalo 1 Open Xdmod 2019-05-03 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xd_user_formal_name parameter.
CVE-2018-16961 1 Buffalo 1 Open Xdmod 2019-05-03 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/dl_publication.php allows Path traversal via the file parameter, allowing remote attackers to read PDF files in arbitrary directories.
CVE-2018-13319 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2018-12-31 5.0 MEDIUM 7.5 HIGH
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVE-2018-13322 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2018-12-26 4.0 MEDIUM 6.5 MEDIUM
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
CVE-2018-13323 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2018-12-26 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
CVE-2018-0556 1 Buffalo 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware 2018-05-16 8.3 HIGH 8.8 HIGH
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0555 1 Buffalo 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware 2018-05-16 9.3 HIGH 7.8 HIGH
Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
CVE-2018-0554 1 Buffalo 2 Wzr-1750dhp2, Wzr-1750dhp2 Firmware 2018-05-16 8.3 HIGH 8.8 HIGH
Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
CVE-2018-0523 1 Buffalo 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware 2018-03-26 8.3 HIGH 8.8 HIGH
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2018-0522 1 Buffalo 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware 2018-03-26 6.8 MEDIUM 7.8 HIGH
Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to execute arbitrary code via a specially crafted file.
CVE-2018-0521 1 Buffalo 2 Wxr-1900dhp2, Wxr-1900dhp2 Firmware 2018-03-26 8.3 HIGH 8.8 HIGH
Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker to bypass authentication and execute arbitrary commands on the device via unspecified vectors.
CVE-2017-10897 1 Buffalo 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more 2017-12-20 5.5 MEDIUM 4.5 MEDIUM
Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors.
CVE-2017-10896 1 Buffalo 4 Bbr-4hg, Bbr-4hg Firmware, Bbr-4mg and 1 more 2017-12-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2274 1 Buffalo 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more 2017-11-08 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-10811 1 Buffalo 2 Wcr-1166ds, Wcr-1166ds Firmware 2017-08-25 7.7 HIGH 6.8 MEDIUM
Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2017-2273 1 Buffalo 4 Wmr-433, Wmr-433 Firmware, Wmr-433w and 1 more 2017-08-10 6.8 MEDIUM 8.8 HIGH
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
CVE-2017-2126 1 Buffalo 4 Wapm-1166d, Wapm-1166d Firmware, Wapm-apg600h and 1 more 2017-07-27 10.0 HIGH 9.8 CRITICAL
WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.
CVE-2016-4816 1 Buffalo 68 Bhr-4grv, Bhr-4grv Firmware, Dwr-hp-g300nh and 65 more 2016-06-21 4.3 MEDIUM 6.5 MEDIUM
BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices allow remote attackers to discover credentials and other sensitive information via unspecified vectors.
CVE-2016-4815 1 Buffalo 12 Wzr-600dhp2, Wzr-600dhp2 Firmware, Wzr-600dhp3 and 9 more 2016-06-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and WZR-S600DHP devices with firmware 2.16 and earlier allows remote attackers to read arbitrary files via unspecified vectors.