Products > Storage

Samba-Vulnerability(CVE-2017-14746, CVE-2017-15275)

(1/1)

Texturtle:
Description
The following vulnerabilities exist in Samba used in our NAS products and wireless routers.

CVE-2017-14746
   It is possible that SMB can become unusable due to a malicious SMB1 request.
        Depending on the product, a restart may be necessary.

CVE-2017-15275
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
There is currently no known exploit associated with this vulnerability. Currently shipping units will be updated during normal update cycles.

Products Affected by CVE-2017-14746

TeraStation 3010 and 5010 Series - fixed by firmware 4.00LS500 Series - fixed by firmware 4.31

Products Affected by CVE-2017-15275

TeraStation
TS5010/TS3010 Series - fixed by firmware 4.00TS7000 Series - fixed by firmware 2.62TS5000 Series - fixed by firmware 3.61TS5200DS Series - fixed by firmware 3.61TS3000 Series - fixed by firmware 1.84TS1000 Series - fixed by firmware 1.63TS-X Series - fixed by firmware 1.72TS-V Series - fixed by firmware 1.31
LinkStation
LS500 Series - fixed by firmware 4.31LS400 Series - fixed by firmware 1.84LS200 Series - fixed by firmware 1.67LS-X Series - fixed by firmware 1.74LS-V Series - fixed by firmware 1.74LS-WSXL Series - fixed by firmware 1.74
AirStation (If using NAS/file sharing capabilities)

WXR-1900DHPDWZR-1750DHPDWZR-600DHP2DWHR-300HP2DWZR-300HPWZR-HP-AG300HWZR-HP-G300NH2WZR-HP-G450HWZR-450HP2D
Buffalo will update this public release with information about affected products as our investigation continues.

Workarounds
We will release updated firmware to correct the vulnerabilities.
Buffalo strongly recommends that you download the latest firmware as soon as possible after fixed firmware is available.

Contact
For inquiries regarding this matter, please contact us.

Navigation

[0] Message Index

Go to full version