PT-2018-11745 · Buffalo · Buffalo Ts5600D1206
Publicado
2018-11-26
·
Atualizado
2019-10-03
·
CVE-2018-13321
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Buffalo TS5600D1206 version 3.61-0.10
Description
The issue is related to incorrect access controls in the nasapi, allowing attackers to call internal functions. This can be achieved by manipulating the
method parameter.Recommendations
For Buffalo TS5600D1206 version 3.61-0.10, consider restricting access to the nasapi to minimize the risk of exploitation. Avoid using the
method parameter in the affected API endpoint until the issue is resolved.Exploit
Correção
Incorrect Permission
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Buffalo Ts5600D1206