History: Apr 11, 2023 - 9:15 a.m.

CVE-2023-26588

2023-04-11 09:15:08
CWE-668
jpcert
web.nvd.nist.gov
cve-2023-26588
hard-coded credentials
buffalo network devices
vulnerability
nvd
security

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.5
Confidence: High

EPSS: 0.002
Percentile: 62.2%

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.

Affected configurations

Node: buffalo bs-gsl2024_firmware (Range 1.10-0.03) AND buffalo bs-gsl2024 (Match -)
Node: buffalo bs-gsl2016p_firmware (Range 1.10-0.03) AND buffalo bs-gsl2016p (Match -)
Node: buffalo bs-gsl2016_firmware (Range 1.10-0.03) AND buffalo bs-gsl2016 (Match -)
Node: buffalo bs-gs2008_firmware (Range 1.0.10.01) AND buffalo bs-gs2008 (Match -)
Node: buffalo bs-gs2016 (Match -) AND buffalo bs-gs2016_firmware (Range 1.0.10.01)
Node: buffalo bs-gs2024 (Match -) AND buffalo bs-gs2024_firmware (Range 1.0.10.01)
Node: buffalo bs-gs2048 (Match -) AND buffalo bs-gs2048_firmware (Range 1.0.10.01)
Node: buffalo bs-gs2008p_firmware (Range 1.0.10.01) AND buffalo bs-gs2008p (Match -)
Node: buffalo bs-gs2016p_firmware (Range 1.0.10.01) AND buffalo bs-gs2016p (Match -)
Node: buffalo bs-gs2024p_firmware (Range 1.0.10.01) AND buffalo bs-gs2024p (Match -)
Node: buffalo bs-gsl2005_firmware (Range <1.12-0.01) AND buffalo bs-gsl2005 (Match -)
Node: buffalo bs-gsl2008_firmware (Range <1.12-0.01) AND buffalo bs-gsl2008 (Match -)
Node: buffalo bs-gsl2005p (Match -) AND buffalo bs-gsl2005p_firmware (Range <1.11-0.01)
Node: buffalo bs-gsl2008p (Match -) AND buffalo bs-gsl2008p_firmware (Range <1.11-0.01)
Node: buffalo bs-gs2016p (Match -) AND buffalo bs-gs2016p_firmware (Range <1.1.7.01)
Node: buffalo bs-gs2016hp (Match -) AND buffalo bs-gs2016hp_firmware (Range <1.1.7.01)
Node: buffalo bs-gs2024p (Match -) AND buffalo bs-gs2024p_firmware (Range <1.1.7.01)
Node: buffalo bs-gs2024hp_firmware (Range <1.1.7.01) AND buffalo bs-gs2024hp (Match -)

Vendor   Product               Version  CPE
buffalo  bs-gsl2024_firmware   *        cpe:2.3:o:buffalo:bs-gsl2024_firmware:*:*:*:*:*:*:*:*
buffalo  bs-gsl2024            -        cpe:2.3:h:buffalo:bs-gsl2024:-:*:*:*:*:*:*:*
buffalo  bs-gsl2016p_firmware  *        cpe:2.3:o:buffalo:bs-gsl2016p_firmware:*:*:*:*:*:*:*:*
buffalo  bs-gsl2016p           -        cpe:2.3:h:buffalo:bs-gsl2016p:-:*:*:*:*:*:*:*
buffalo  bs-gsl2016_firmware   *        cpe:2.3:o:buffalo:bs-gsl2016_firmware:*:*:*:*:*:*:*:*
buffalo  bs-gsl2016            -        cpe:2.3:h:buffalo:bs-gsl2016:-:*:*:*:*:*:*:*
buffalo  bs-gs2008_firmware    *        cpe:2.3:o:buffalo:bs-gs2008_firmware:*:*:*:*:*:*:*:*
buffalo  bs-gs2008             -        cpe:2.3:h:buffalo:bs-gs2008:-:*:*:*:*:*:*:*
buffalo  bs-gs2016             -        cpe:2.3:h:buffalo:bs-gs2016:-:*:*:*:*:*:*:*
buffalo  bs-gs2016_firmware    *        cpe:2.3:o:buffalo:bs-gs2016_firmware:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "BUFFALO INC.",
    "product": "BS-GSL and BS-GS series",
    "versions": [
      {
        "version": "BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier",
        "status": "affected"
      }
    ]
  }
]
