DescriptionThe following vulnerabilities exist in Samba used in our NAS products and wireless routers.
CVE-2017-14746 It is possible that SMB can become unusable due to a malicious SMB1 request.
Depending on the product, a restart may be necessary.
CVE-2017-15275Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
There is currently no known exploit associated with this vulnerability. Currently shipping units will be updated during normal update cycles.Products Affected by CVE-2017-14746TeraStation 3010 and 5010 Series - fixed by firmware 4.00 |
LS500 Series - fixed by firmware 4.31 |
Products Affected by CVE-2017-15275TeraStationTS5010/TS3010 Series - fixed by firmware 4.00 |
TS7000 Series - fixed by firmware 2.62 |
TS5000 Series - fixed by firmware 3.61 |
TS5200DS Series - fixed by firmware 3.61 |
TS3000 Series - fixed by firmware 1.84 |
TS1000 Series - fixed by firmware 1.63 |
TS-X Series - fixed by firmware 1.72 |
TS-V Series - fixed by firmware 1.31 |
LinkStationLS500 Series - fixed by firmware 4.31 |
LS400 Series - fixed by firmware 1.84 |
LS200 Series - fixed by firmware 1.67 |
LS-X Series - fixed by firmware 1.74 |
LS-V Series - fixed by firmware 1.74 |
LS-WSXL Series - fixed by firmware 1.74 |
AirStation (If using NAS/file sharing capabilities)
WXR-1900DHPD |
WZR-1750DHPD |
WZR-600DHP2D |
WHR-300HP2D |
WZR-300HP |
WZR-HP-AG300H |
WZR-HP-G300NH2 |
WZR-HP-G450H |
WZR-450HP2D |
Buffalo will update this public release with information about affected products as our investigation continues.
WorkaroundsWe will release updated firmware to correct the vulnerabilities.
Buffalo strongly recommends that you download the latest firmware as soon as possible after fixed firmware is available.
ContactFor inquiries regarding this matter, please contact us.