Stored Cross-Site Scripting Vulnerability in Buffalo Network Devices
CVE-2023-24464

5.4MEDIUM

Key Information:

Vendor: Buffalo Inc.
Status: Bs-gs Series
Vendor: CVE Published:; 11 April 2023

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2023-24464?

A stored cross-site scripting vulnerability exists in Buffalo network devices, allowing attackers who gain access to the web management console to embed and execute arbitrary JavaScript code on the web browsers of legitimate users. This risk arises in several Buffalo models and firmware versions, highlighting the need for immediate attention from users to secure their devices.

Affected Version(s)

BS-GS series BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

References

https://www.buffalo.jp/news/detail/20230310-01.html

https://jvn.jp/en/vu/JVNVU96824262/

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Feb 26, 2023