CVE-2024-23486: Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with...

9.8 CVSS

Description

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with access to the product's login page may obtain configured credentials.

Classification

CVE ID: CVE-2024-23486

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.8

Problem Types

Plaintext Storage of a Password

Affected Products

Vendor: BUFFALO INC., BUFFALO INC., BUFFALO INC., BUFFALO INC.

Product: WSR-2533DHP, WSR-2533DHPL, WSR-2533DHP2, WSR-A2533DHP2

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.42% (probability of being exploited)

EPSS Percentile: 60.82% (scored less or equal to compared to others)

EPSS Date: 2025-04-16 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: total

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23486
https://www.buffalo.jp/news/detail/20240410-01.html
https://jvn.jp/en/jp/JVN58236836/

Timeline

2025-03-18 21:40:19 UTC
CVE

Plaintext storage of a password issue exists in BUFFALO wireless LAN routers, which may allow a network-adjacent unauthenticated attacker with...