CVE-2023-39620

HIGH

Buffalo TeraStation NAS TS5410R 5.00-0.07 - Unauthenticated Sensitive Information Exposure via Guest Account

Title source: llm

Description

An Issue in Buffalo America, Inc. TeraStation NAS TS5410R v.5.00 thru v.0.07 allows a remote attacker to obtain sensitive information via the guest account function.

References (2)

Core 2

Core References

Broken Link

https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration.

Exploit

https://github.com/bcross520/bcross520.github.io/wiki/Buffalo-Terastation-NAS-Disabled-guest-built%E2%80%90in-account-allows-for-SMB%5CRPC-device-enumeration

Scores

CVSS v3 7.5

EPSS 0.0071

EPSS Percentile 48.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (1)

buffalo/terastation_nas_5410r_firmware 5.00-0.07

Published Sep 08, 2023

Tracked Since Feb 18, 2026