Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier
References
Link | Resource |
---|---|
https://jvn.jp/en/vu/JVNVU96824262/ | Third Party Advisory VDB Entry |
https://www.buffalo.jp/news/detail/20230310-01.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: jpcert
Published: 2023-04-11T00:00:00
Updated: 2023-04-11T00:00:00
Reserved: 2023-02-26T00:00:00
Link: CVE-2023-24464
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-11T09:15:07.803
Modified: 2023-04-18T02:21:48.263
Link: CVE-2023-24464
JSON object: View
Redhat Information
No data.
CWE