CVE-2023-39620

Опубликовано: 08 сент. 2023

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.

Ссылки

https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration.
Broken Link
https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration
Exploit
https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration.
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:buffalo:terastation_nas_5410r_firmware:5.00-0.07:*:*:*:*:*:*:*

cpe:2.3:h:buffalo:terastation_nas_5410r:-:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00066

Низкий

7.5 High

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-200

Связанные уязвимости

GHSA-5h3v-c93c-9gh7