Potential Man-In-The-Middle attack during Firmware updates may allow for arbitrary code execution

Summary

When a Linkstation 200 series updates its firmware, it does not appropriately verify the update source. This could potentially lead to a Man-in-The-Middle attack.

Vulnerability ID	Vulnerability Overview
CVE-2023-51073	An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script

Affected Supported TeraStations

None

(Linkstation 200 Series only. This entry is posted here as a courtesy. The security notices page may not list all known issues with Linkstations.)

Back to Security Notices

Date	Description
03/5/2024	Initial release

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Case Studies

Blog & Helpful Tips

White Papers

Data Security

Webinars

Latest Article

Buffalo Americas Announces FIPS 140 CAVP Validation for Cryptographic Security on TeraStation 5020 and 7010 Series Network Storage

Get Support

Forums

Knowledge Base

Data Recovery

Security Notices

Warranty Information

Potential Man-In-The-Middle attack during Firmware updates may allow for arbitrary code execution

Potential Man-In-The-Middle attack during Firmware updates may allow for arbitrary code execution