Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Buffalo Subscribe
Filtered by product Ts5600d1206
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-13321 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2019-10-02 6.5 MEDIUM 8.8 HIGH
Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter.
CVE-2018-13318 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2019-10-02 6.5 MEDIUM 7.2 HIGH
System command injection in User.create method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute system commands via the "name" parameter.
CVE-2018-13320 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2019-10-02 6.5 MEDIUM 7.2 HIGH
System Command Injection in network.set_auth_settings in Buffalo TS5600D1206 version 3.70-0.10 allows attackers to execute system commands via the adminUsername and adminPassword parameters.
CVE-2018-13324 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2019-10-02 7.5 HIGH 9.8 CRITICAL
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to bypass authentication by sending a modified HTTP Host header.
CVE-2018-13319 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2018-12-31 5.0 MEDIUM 7.5 HIGH
Incorrect access control in get_portal_info in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to determine sensitive device information via an unauthenticated POST request.
CVE-2018-13322 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2018-12-26 4.0 MEDIUM 6.5 MEDIUM
Directory traversal in list_folders method in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to list directory contents via the "path" parameter.
CVE-2018-13323 1 Buffalo 2 Ts5600d1206, Ts5600d1206 Firmware 2018-12-26 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.