Sign-up

ID

VAR-201811-0134


CVE

CVE-2018-13321


TITLE

Buffalo TS5600D1206 Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012805

DESCRIPTION

Incorrect access controls in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allow attackers to call dangerous internal functions via the "method" parameter. Buffalo TS5600D1206 Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Buffalo TS5600D1206 is a network storage device from the Buffalo Group in Japan

Trust: 2.34

sources: NVD: CVE-2018-13321 // JVNDB: JVNDB-2018-012805 // CNVD: CNVD-2019-00678 // VULHUB: VHN-123369 // VULMON: CVE-2018-13321

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-00678

AFFECTED PRODUCTS

vendor:buffalomodel:ts5600d1206scope:eqversion:3.61-0.10

Trust: 3.0

sources: CNVD: CNVD-2019-00678 // JVNDB: JVNDB-2018-012805 // CNNVD: CNNVD-201811-727 // NVD: CVE-2018-13321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-13321
value: HIGH

Trust: 1.0

NVD: CVE-2018-13321
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-00678
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201811-727
value: HIGH

Trust: 0.6

VULHUB: VHN-123369
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-13321
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-13321
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2019-00678
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-123369
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-13321
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-00678 // VULHUB: VHN-123369 // VULMON: CVE-2018-13321 // JVNDB: JVNDB-2018-012805 // CNNVD: CNNVD-201811-727 // NVD: CVE-2018-13321

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-284

Trust: 0.8

sources: VULHUB: VHN-123369 // JVNDB: JVNDB-2018-012805 // NVD: CVE-2018-13321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-727

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201811-727

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-012805

PATCH
title:Replacement Hard Drives for TeraStation 3000 and 5000 Seriesurl:https://www.buffalotech.com/products/replacement-hard-drives-for-terastation-3000-and-5000-series
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-012805

EXTERNAL IDS
db:NVDid:CVE-2018-13321
Trust: 3.2
db:JVNDBid:JVNDB-2018-012805
Trust: 0.8
db:CNNVDid:CNNVD-201811-727
Trust: 0.7
db:CNVDid:CNVD-2019-00678
Trust: 0.6
db:VULHUBid:VHN-123369
Trust: 0.1
db:VULMONid:CVE-2018-13321
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00678 // 
            
            
            
            VULHUB: VHN-123369 // 
            
            
            
            VULMON: CVE-2018-13321 // 
            
            
            
            JVNDB: JVNDB-2018-012805 // 
            
            
            
            CNNVD: CNNVD-201811-727 // 
            
            
            
            NVD: CVE-2018-13321

REFERENCES
url:https://blog.securityevaluators.com/buffalo-terastation-ts5600d1206-nas-cve-disclosure-ab5d159f036d
Trust: 2.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-13321
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-13321
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/732.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-00678 // 
            
            
            
            VULHUB: VHN-123369 // 
            
            
            
            VULMON: CVE-2018-13321 // 
            
            
            
            JVNDB: JVNDB-2018-012805 // 
            
            
            
            CNNVD: CNNVD-201811-727 // 
            
            
            
            NVD: CVE-2018-13321

SOURCES
db:CNVDid:CNVD-2019-00678
db:VULHUBid:VHN-123369
db:VULMONid:CVE-2018-13321
db:JVNDBid:JVNDB-2018-012805
db:CNNVDid:CNNVD-201811-727
db:NVDid:CVE-2018-13321

LAST UPDATE DATE
2024-11-23T22:21:54.367000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-00678date:2019-01-09T00:00:00
db:VULHUBid:VHN-123369date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-13321date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-012805date:2019-02-07T00:00:00
db:CNNVDid:CNNVD-201811-727date:2019-10-23T00:00:00
db:NVDid:CVE-2018-13321date:2024-11-21T03:46:52.520

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-00678date:2019-01-09T00:00:00
db:VULHUBid:VHN-123369date:2018-11-26T00:00:00
db:VULMONid:CVE-2018-13321date:2018-11-26T00:00:00
db:JVNDBid:JVNDB-2018-012805date:2019-02-07T00:00:00
db:CNNVDid:CNNVD-201811-727date:2018-11-27T00:00:00
db:NVDid:CVE-2018-13321date:2018-11-26T23:29:00.657