CVE-2023-24464 (bs-gs2008_firmware, bs-gs2008p_firmware, bs-gs2016_firmware, bs-gs2016p_firmware, bs-gs2024_firmware, bs-gs2024p_firmware, bs-gs2048_firmware)

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's web browser. The affected products and versions are as follows: BS-GS2008 firmware Ver. 1.0.10.01 and earlier, BS-GS2016 firmware Ver. 1.0.10.01 and earlier, BS-GS2024 firmware Ver. 1.0.10.01 and earlier, BS-GS2048 firmware Ver. 1.0.10.01 and earlier, BS-GS2008P firmware Ver. 1.0.10.01 and earlier, BS-GS2016P firmware Ver. 1.0.10.01 and earlier, and BS-GS2024P firmware Ver. 1.0.10.01 and …

access browser buffalo console cross-site cve devices firmware javascript management network network devices product products scripting the web vulnerability web web browser