Improper Access Control in Buffalo Network Devices
CVE-2023-24544

8.1HIGH

Key Information:

Vendor: Buffalo Inc.
Status: Bs-gsl And Bs-gs Series
Vendor: CVE Published:; 11 April 2023

🔔 Create Buffalo Inc. Vulnerability Alert

What is CVE-2023-24544?

An improper access control vulnerability exists in Buffalo network devices, enabling attackers in proximity to the network to gain unauthorized access to sensitive files. This flaw can potentially allow modification of critical product settings, posing a significant security risk. Users of affected firmware versions should take immediate action to mitigate potential threats.

Affected Version(s)

BS-GSL and BS-GS series BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

References

https://www.buffalo.jp/news/detail/20230310-01.html

https://jvn.jp/en/vu/JVNVU96824262/

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Feb 26, 2023