PT-2023-8530 · Buffalo · Buffalo Vr-S1000

Samy Younsi +1 · Published 2023-12-26 · Updated 2024-01-04 · CVE-2023-46681

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

BUFFALO VR-S1000 versions 2.37 and earlier

Description

The issue is related to the improper neutralization of argument delimiters in a command, also known as an 'Argument Injection' vulnerability. This allows an authenticated attacker who can access the product's command line interface to execute an arbitrary command.

Recommendations

For versions 2.37 and earlier, consider restricting access to the command line interface until a patch is available. As a temporary workaround, limit the execution of commands to only those that are necessary for the device's operation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Argument Injection

Weakness Enumeration

Related Identifiers

BDU:2024-01118
CVE-2023-46681

Affected Products

Buffalo Vr-S1000