CVE-2023-45741

VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with access to the product's web management page to execute arbitrary OS commands.
References
Link Resource
https://jvn.jp/en/jp/JVN23771490/ Third Party Advisory
https://www.buffalo.jp/news/detail/20231225-01.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:buffalo:vr-s1000_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:buffalo:vr-s1000:-:*:*:*:*:*:*:*

History

04 Jan 2024, 02:34

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN23771490/ - () https://jvn.jp/en/jp/JVN23771490/ - Third Party Advisory
References () https://www.buffalo.jp/news/detail/20231225-01.html - () https://www.buffalo.jp/news/detail/20231225-01.html - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.8
CPE cpe:2.3:h:buffalo:vr-s1000:-:*:*:*:*:*:*:*
cpe:2.3:o:buffalo:vr-s1000_firmware:*:*:*:*:*:*:*:*
First Time Buffalo vr-s1000
Buffalo vr-s1000 Firmware
Buffalo
CWE CWE-78

26 Dec 2023, 20:34

Type Values Removed Values Added
Summary
  • (es) Versión del firmware VR-S1000. 2.37 y anteriores permiten a un atacante con acceso a la página de administración web del producto ejecutar comandos arbitrarios del sistema operativo.

26 Dec 2023, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-26 08:15

Updated : 2024-01-04 02:34


NVD link : CVE-2023-45741

Mitre link : CVE-2023-45741

CVE.ORG link : CVE-2023-45741


JSON object : View

Products Affected

buffalo

  • vr-s1000_firmware
  • vr-s1000
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')