Potential Man-In-The-Middle attack during Firmware updates may allow for arbitrary code execution
Potential Man-In-The-Middle attack during Firmware updates may allow for arbitrary code execution
Summary
When a Linkstation 200 series updates its firmware, it does not appropriately verify the update source. This could potentially lead to a Man-in-The-Middle attack.
Vulnerability ID | Vulnerability Overview |
---|---|
CVE-2023-51073 | An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script |
Affected Supported TeraStations
None
(Linkstation 200 Series only. This entry is posted here as a courtesy. The security notices page may not list all known issues with Linkstations.)
Date | Description |
03/5/2024 | Initial release |