Command Injection Vulnerability in VR-S1000 Firmware by Buffalo
CVE-2023-46681

7.8HIGH

Key Information:

Vendor

BUFFALO INC.

Status
VR-S1000
Vendor
CVE Published:
26 December 2023

Badges

๐Ÿ“ฐ News Worthy

What is CVE-2023-46681?

The VR-S1000 firmware by Buffalo is susceptible to an argument injection vulnerability due to improper neutralization of argument delimiters. An authenticated attacker with access to the product's command line interface can exploit this flaw to execute arbitrary commands, potentially compromising the integrity and security of the device and the network it operates within.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

VR-S1000 firmware Ver. 2.37 and earlier

News Articles

favicon imagePenetration Testing

The Urgent Need to Patch Buffalo's VR-S1000 VPN Router

CVE-2023-45741 allows an authenticated remote attacker to exploit the router by injecting arbitrary commands into the operating system

References

https://www.buffalo.jp/news/detail/20231225-01.html
https://jvn.jp/en/jp/JVN23771490/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐Ÿ“ฐ

    First article discovered by Penetration Testing

  • Vulnerability published

  • Vulnerability Reserved

JSON
.