EIP-2026-101578

PRE-CVE

Buffalo TeraStation TS-Series - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101578. PoCs published by Andrea Fabrizi.

AI-analyzed exploit summary The writeup details two vulnerabilities in Buffalo TeraStation TS-Series firmware <= 1.5.7: an unauthenticated arbitrary file download via sync.cgi and an authenticated command injection via dynamic.pl. Technical specifics include request formats, affected endpoints, and privilege escalation to root.

Description

Buffalo TeraStation TS-Series - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP
by Andrea Fabrizi · textwebappshardware
https://www.exploit-db.com/exploits/24443

The writeup details two vulnerabilities in Buffalo TeraStation TS-Series firmware <= 1.5.7: an unauthenticated arbitrary file download via sync.cgi and an authenticated command injection via dynamic.pl. Technical specifics include request formats, affected endpoints, and privilege escalation to root.

Classification
Writeup 95%
Attack Type
Info Leak | Rce
Complexity
Trivial
Reliability
Reliable
Target: Buffalo TeraStation TS-Series firmware <= 1.5.7
No auth needed
Prerequisites: Network access to the device · For RCE: valid session cookie (authenticated access)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026