JVN#23771490
Multiple vulnerabilities in BUFFALO VR-S1000

Overview

VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities.

Products Affected

• VR-S1000 firmware Ver. 2.37 and earlier

Description

VR-S1000 provided by BUFFALO INC. contains multiple vulnerabilities listed below.

• OS command injection (CWE-78) - CVE-2023-45741

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	Base Score: 6.8
  CVSS v2	AV:A/AC:L/Au:S/C:P/I:P/A:P	Base Score: 5.2

• Argument injection (CWE-88) - CVE-2023-46681

  CVSS v3	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	Base Score: 7.8
  CVSS v2	AV:L/AC:L/Au:S/C:P/I:P/A:P	Base Score: 4.3

• Use of hard-coded cryptographic key (CWE-321) - CVE-2023-46711

  CVSS v3	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	Base Score: 2.4
  CVSS v2	AV:L/AC:M/Au:N/C:P/I:N/A:N	Base Score: 1.9

• Information disclosure (CWE-200) - CVE-2023-51363

  CVSS v3	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	Base Score: 6.5
  CVSS v2	AV:A/AC:L/Au:N/C:P/I:N/A:N	Base Score: 3.3

Impact

• A network-adjacent attacker with access to the product's web management page may execute an arbitrary OS command - CVE-2023-45741
• A local attacker who can access to the product's command line interface may execute an arbitrary command - CVE-2023-46681
• The password of a specific product user may be cracked - CVE-2023-46711
• A network-adjacent attacker who can access the product's web management page may obtain sensitive information - CVE-2023-51363

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.