PT-2018-11745 · Buffalo · Buffalo Ts5600D1206
Published
2018-11-26
·
Updated
2019-10-03
·
CVE-2018-13321
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Buffalo TS5600D1206 version 3.61-0.10
Description
The issue is related to incorrect access controls in the nasapi, allowing attackers to call internal functions. This can be achieved by manipulating the
method parameter.Recommendations
For Buffalo TS5600D1206 version 3.61-0.10, consider restricting access to the nasapi to minimize the risk of exploitation. Avoid using the
method parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Buffalo Ts5600D1206