Arbitrary OS Command Execution in VR-S1000 Firmware by Buffalo
CVE-2023-45741

6.8 MEDIUM

Key Information:

Status
Vendor
CVE Published: 26 December 2023

Badges

📰 News Worthy

What is CVE-2023-45741?

The firmware of the VR-S1000 device, up to version 2.37, is susceptible to a security vulnerability that permits an attacker with access to the product’s web management interface to execute arbitrary operating system commands. This compromise could potentially allow attackers to manipulate system operations and gain unauthorized access, posing significant risks to network security and data integrity.

Affected Version(s)

VR-S1000 firmware Ver. 2.37 and earlier

News Articles

The Urgent Need to Patch Buffalo's VR-S1000 VPN Router

CVE-2023-45741 allows an authenticated remote attacker to exploit the router by injecting arbitrary commands into the operating system.

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Penetration Testing

  • Vulnerability published

  • Vulnerability Reserved
