CVE-2023-26588

CVSS V2 None CVSS V3 None
Description
Use of hard-coded credentials vulnerability in Buffalo network devices allows an attacker to access the debug function of the product. The affected products and versions are as follows: BS-GSL2024 firmware Ver. 1.10-0.03 and earlier, BS-GSL2016P firmware Ver. 1.10-0.03 and earlier, BS-GSL2016 firmware Ver. 1.10-0.03 and earlier, BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier
Overview
  • CVE ID
  • CVE-2023-26588
  • Assigner
  • vultures@jpcert.or.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-11T09:15:08
  • Last Modified Date
  • 2023-04-18T19:37:21
Weakness Enumerations
CWE URL
CWE-668 http://cwe.mitre.org/data/definitions/668.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:buffalo:bs-gsl2024_firmware:*:*:*:*:*:*:*:* 1 OR 1.10-0.03
cpe:2.3:h:buffalo:bs-gsl2024:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gsl2016p_firmware:*:*:*:*:*:*:*:* 1 OR 1.10-0.03
cpe:2.3:h:buffalo:bs-gsl2016p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gsl2016_firmware:*:*:*:*:*:*:*:* 1 OR 1.10-0.03
cpe:2.3:h:buffalo:bs-gsl2016:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2008_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2008:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2016_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2016:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2024_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2024:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2048_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2048:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2008p_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2008p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2016p_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2016p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2024p_firmware:*:*:*:*:*:*:*:* 1 OR 1.0.10.01
cpe:2.3:h:buffalo:bs-gs2024p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gsl2005_firmware:*:*:*:*:*:*:*:* 1 OR 1.12-0.01
cpe:2.3:h:buffalo:bs-gsl2005:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gsl2008_firmware:*:*:*:*:*:*:*:* 1 OR 1.12-0.01
cpe:2.3:h:buffalo:bs-gsl2008:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gsl2005p_firmware:*:*:*:*:*:*:*:* 1 OR 1.11-0.01
cpe:2.3:h:buffalo:bs-gsl2005p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gsl2008p_firmware:*:*:*:*:*:*:*:* 1 OR 1.11-0.01
cpe:2.3:h:buffalo:bs-gsl2008p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2016p_firmware:*:*:*:*:*:*:*:* 1 OR 1.1.7.01
cpe:2.3:h:buffalo:bs-gs2016p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2016hp_firmware:*:*:*:*:*:*:*:* 1 OR 1.1.7.01
cpe:2.3:h:buffalo:bs-gs2016hp:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2024p_firmware:*:*:*:*:*:*:*:* 1 OR 1.1.7.01
cpe:2.3:h:buffalo:bs-gs2024p:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:buffalo:bs-gs2024hp_firmware:*:*:*:*:*:*:*:* 1 OR 1.1.7.01
cpe:2.3:h:buffalo:bs-gs2024hp:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://jvn.jp/en/vu/JVNVU96824262/
https://www.buffalo.jp/news/detail/20230310-01.html
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-26588
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26588
History
Created Old Value New Value Data Type Notes
2023-04-17 04:29:17 Added to TrackCVE
2023-04-17 14:00:45 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-18 20:00:44 2023-04-18T19:37:21 CVE Modified Date updated
2023-04-18 20:00:44 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-18 20:00:46 Weakness Enumeration new
2023-04-18 20:00:49 CPE Information updated