Published: 2006/10/02  Last Updated: 2008/05/21

JVN#93484133
TeraStation HD-HTGL series cross-site request forgery vulnerability

Overview

The TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection that have an administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgery (CSRF) vulnerability.

Products Affected

  • HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier

Description

Impact

If a TeraStation HD-HTGL administrator who is logged into the web administration interface views a malicious website, an attacker could possibly modify configurations or delete data on the hard disk.

Solution

Vendor Status

Vendor        | Status      | Last Update | Vendor Notes
BUFFALO INC.  | Vulnerable  | 2006/10/02  |

References

JPCERT/CC Addendum

Credit

Hiromitsu Takagi of the Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under the Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2006-000665

Update History