CVE-2023-24464
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
11/04/2023
Last modified:
11/02/2025
Description
Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and earlier
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:buffalo:bs-gs2008_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2008:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:bs-gs2016_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2016:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:bs-gs2024_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2024:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:bs-gs2048_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2048:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:bs-gs2008p_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2008p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:bs-gs2016p_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2016p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:buffalo:bs-gs2024p_firmware:*:*:*:*:*:*:*:* | 1.0.10.01 (including) | |
| cpe:2.3:h:buffalo:bs-gs2024p:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page