CVE-2026-29516

Medium CVSS: 6.9

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.

Vendor

Product

CWE

CWE-732

Yayın Tarihi

2026-03-16 20:16:18

Güncelleme

2026-03-17 16:16:21

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-732 MEDIUM 2026

Referanslar

https://buffaloamericas.com/ https://www.vulncheck.com/advisories/buffalo-terastation-ts5400r-excessive-file-permissions-information-disclosure