CNNVD-202510-1506 Information

CNNVD ID

CNNVD-202510-1506

Related CVE

CVE-2025-61871

• CNNVD Published: 2025-10-10

Description (Chinese)

Buffalo NAS Navigator2是日本Buffalo公司的一款网络存储设备管理工具。 Buffalo NAS Navigator2 3.12.0之前版本存在代码问题漏洞，该漏洞源于Windows服务注册了未加引号的文件路径，可能导致具有系统驱动器根目录写入权限的用户以SYSTEM特权执行任意代码。

Description (English)

Buffalo NAS Navigator2 is a network storage device management tool for Buffalo, Japan. Buffalo NAS Navigator 2 3.12.0 has a code problem loophole, which stems from the Windows service ’ s registration of unquoted file paths, which may result in any user with SYSTEM privileges with SYSTEM permission to write to the root of the system.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

巴比禄

Published

2025-10-10

Last Modified

2026-02-24

References

https://jvn.jp/en/jp/JVN69099112/ https://www.buffalo.jp/news/detail/20251009-01.html

Patch

https://www.buffalo.jp/news/detail/20251009-01.html