[Japanese]

JVNDB-2006-000665

TeraStation HD-HTGL series cross-site request forgery vulnerability

Overview

TeraStation HD-HTGL series provided by Buffalo, Inc. are hard disks for LAN connection and have administrative web interface. The administrative interface for the TeraStation HD-HTGL contains a cross-site request forgety (CSRF) vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


BUFFALO INC.
  • HD-HTGL Series firmware Ver. 2.05-beta-1 and earlier

Impact

If a TeraStation HD-HTGL administrator who logged into the web administration interface views a malicous website, an attacker could possibly modify configurations or delete data on the hard disk.
Solution

Vendor Information

BUFFALO INC.
CWE (What is CWE?)

  1. Cross-Site Request Forgery(CWE-352) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2006-5175
References

  1. JVN : JVN#93484133
  2. National Vulnerability Database (NVD) : CVE-2006-5175
  3. Secunia Advisory : SA22248
  4. ISS X-Force Database : 29338
  5. FrSIRT Advisories : FrSIRT/ADV-2006-3891
Revision History

  • [2008/05/21]
      Web page published