CVE-2023-24464 Information

Description

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user’s web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier BS-GS2016 firmware Ver. 1.0.10.01 and earlier BS-GS2024 firmware Ver. 1.0.10.01 and earlier BS-GS2048 firmware Ver. 1.0.10.01 and earlier BS-GS2008P firmware Ver. 1.0.10.01 and earlier BS-GS2016P firmware Ver. 1.0.10.01 and earlier and BS-GS2024P firmware Ver. 1.0.10.01 and earlier

Reference

https://www.buffalo.jp/news/detail/20230310-01.html https://jvn.jp/en/vu/JVNVU96824262/