Command Injection Vulnerability in VR-S1000 Firmware by Buffalo
CVE-2023-46681

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 26 December 2023

Badges

📰 News Worthy

What is CVE-2023-46681?

The VR-S1000 firmware by Buffalo is susceptible to an argument injection vulnerability due to improper neutralization of argument delimiters. An authenticated attacker with access to the product's command line interface can exploit this flaw to execute arbitrary commands, potentially compromising the integrity and security of the device and the network it operates within.

Affected Version(s)

VR-S1000 firmware Ver. 2.37 and earlier

News Articles

The Urgent Need to Patch Buffalo's VR-S1000 VPN Router

CVE-2023-45741 allows an authenticated remote attacker to exploit the router by injecting arbitrary commands into the operating system

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 📰 First article discovered by Penetration Testing

  • Vulnerability published

  • Vulnerability Reserved
