CVE-2023-26588

moderate-risk
Published 2023-04-11

Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier.

Do I need to act?

0.32% chance of exploitation (EPSS score: low exploit probability)
Not on CISA KEV list: no confirmed active exploitation reported to CISA
Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 7.5/10 High (NETWORK / LOW complexity)

Affected Products (16)

BS-GSL2024 Firmware
BS-GSL2016P Firmware
BS-GSL2016 Firmware
BS-GS2008 Firmware
BS-GS2016 Firmware
BS-GS2024 Firmware
BS-GS2048 Firmware
BS-GS2008P Firmware
BS-GS2016P Firmware
BS-GS2024P Firmware
BS-GSL2005 Firmware
BS-GSL2008 Firmware
BS-GSL2005P Firmware
BS-GSL2008P Firmware
BS-GS2016HP Firmware
BS-GS2024HP Firmware

Affected Vendors

45 / 100 moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate