Hard-Coded Credentials Vulnerability in Buffalo Network Devices
CVE-2023-26588

7.5 HIGH

Key Information:

Vendor
CVE Published: 11 April 2023

What is CVE-2023-26588?

A vulnerability exists in Buffalo network devices due to the presence of hard-coded credentials, allowing unauthorized users to gain access to the product's debug functions. This flaw impacts various models and firmware versions, potentially compromising network security and operational integrity. Users are advised to update their firmware to the latest versions to mitigate this vulnerability.

Affected Version(s)

BS-GSL and BS-GS series:

  • BS-GSL2024 firmware Ver. 1.10-0.03 and earlier
  • BS-GSL2016P firmware Ver. 1.10-0.03 and earlier
  • BS-GSL2016 firmware Ver. 1.10-0.03 and earlier
  • BS-GS2008 firmware Ver. 1.0.10.01 and earlier
  • BS-GS2016 firmware Ver. 1.0.10.01 and earlier
  • BS-GS2024 firmware Ver. 1.0.10.01 and earlier
  • BS-GS2048 firmware Ver. 1.0.10.01 and earlier
  • BS-GS2008P firmware Ver. 1.0.10.01 and earlier
  • BS-GS2016P firmware Ver. 1.0.10.01 and earlier
  • BS-GS2024P firmware Ver. 1.0.10.01 and earlier

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
