Security Notices for Buffalo TeraStations

Buffalo TeraStations use a closed operating system that does not allow users to access the OS, install programs, or change the code, thus closing off many cyberattack vectors.

Many of our customers are running security scanning software that identify versioning information of the various network services provided by the TeraStation and report on known vulnerabilities associated with that software.

Buffalo is committed to the security of our customers data. We will investigate and report on the various security vulnerabilities that may affect our systems, and publish any remediation or the results of investigations here.

The list of systems supported with this reporting are:

TeraStation 7010 Series
TeraStation 6000 Series
TeraStation 5020 / 3020 Series
TeraStation 5010 / 3010 Series

Vulnerabities on other systems will be addressed according to their severity, and users should consult the Firmware Update notes for a history of security patches applied.

For environments where regulatory compliance requires specific responses to vulnerability scanning sortware, Buffalo recommends the use of the above systems.

Report Vulnerabilities

Please contact: security@buffaloamericas.com to report security issues that might affect Buffalo TeraStations.

Please note that this e-mail address is used for monitoring potential product security issues. Any and all replies may not occur unless further information is required or supplied. For technical support of Buffalo products, please visit our Support page instead.

Issue Name	Status	Severity	CVE	Last Updated	Affected Supported TeraStations	Notes
SSL Security Ticket Cannot be trusted SSL Security Ticket is for the wrong host The X.509 certificate chain used by this service contains certificates with RSA keys shorter than 2048 bits.	Resolved	Low	N/A	3/10/2023	None / All	This is an expected scan result until a certificate issued by a certifying authority is installed by the administrator
SMB/NETBIOS Vulnerabilities	Resolved	High	CVE-1999-0505 CVE-1999-0519 CVE-1999-0520	12/21/2022	None	Configuration needed. Refer to Vulnerability Page.
Apache server allows obtaining sensitive information	Not Affected	Medium	CVE-2003-1418	3/16/2023	None
Certificate Vulnerability	Resolved	Medium	CVE-2004-2761	12/21/2022	None	Configuration needed. Refer to vulnerability page.
Insecure Ciphers in Apache Tomcat	Not Affected	Low	CVE-2007-1858	3/10/2023	None
Open SSH when UseLogin feature is enabled OpenSSH with SHA256 or SHA512	Not Affected	High	CVE-2015-8325 CVE-2016-6210	3/10/2023	None
Open SSH untrusted X11 forwarding	Not Affected	High	CVE-2016-1908	3/10/2023	None
Denial of Service Vulnerability Vulnerability in OpenSSL DSA private key acquisiton Denial of Service (DoS) Vulnerability in OpenSSL crypto/ts/ts_lib.c	Resolved	High	CVE-2016-2177 CVE-2016-2178 CVE-2016-2180	3/10/2023	TS5010 TS3020/TS3010	Upgrade to firmware 4.80 or later
Denial of Service (DoS) Vulnerability in OpenSSL DTLS Denial of Service Vulnerability in OpenSSL DTLS_antireplay	Not Affected	High	CVE-2016-2179 CVE-2016-2181	3/10/2023	None
Denial of Service (DoS) Vulnerability in OpenSSL crypto/bn/bn_print.c	Ongoing	High	CVE-2016-2182	3/16/2023	TS6000 TS5020/5010 TS3020/3010
DES and Triple DES ciphers "Sweet32"	Resolved	High	CVE-2016-2183	3/10/2023	TS5010 TS3020/TS3010	Update Firmware to 4.32 or later.
Denial of Service (DoS) Vulnerability in OpenSSL's ssl/t1_lib.c Integer overflow vulnerability in OpenSSL's crypto/mdc2/mdc2dgst.c	Ongoing	High	CVE-2016-6302 CVE-2016-6303	3/10/2023	TS6000 TS5020/5010 TS3020/3010
Denial of Service (DoS) Vulnerability	Not Affected	High	CVE-2016-6304	3/10/2023	None
OpenSSH arbitrary code execution multiple vulnerabilities	Resolved	High	CVE-2016-10009 CVE-2016-10011 CVE-2016-10012 CVE-2016-10708	7/12/2023	TS6000 TS5010 TS3020 / TS3010	Update Firmware to 4.56 or later (TS5010/3010/3020) Update Firmware to 5.12 or later (TS6000)
OpenSSH gain of privilege related to serverloop.c	Not Affected	High	CVE-2016-10010	7/12/2023	None
s4u2proxy unkeyed checksum	Not Affected	Medium	CVE-2018-16860	3/10/2023	None
Samba Active Directory DoS in ldb_qsort and dns_name_compare Samba Active Directory Kerberos sets forwardable flag	Not Affected	Medium	CVE-2019-14861 CVE-2019-14870	7/12/2023	None
ACL Inheritance in Samba AD DC Crash after failed character conversion	Not Affected	Medium	CVE-2019-14902 CVE-2019-14907	3/10/2023	None
Samba Active Directory CPU and use-after-free DoS vulnerabilities	Not Affected	High	CVE-2020-10730 CVE-2020-10745 CVE-2020-10760 CVE-2020-14303	7/12/2023	None
Missing handle permissions check in Samba ChangeNotify	Ongoing	Medium	CVE-2020-14318	3/10/2023	TS7010 TS6000 TS5020/5010 TS3020/3010
AFP Vulnerabilities	Ongoing	Medium	CVE-2021-31439 CVE-2022-23121 CVE-2022-0194 CVE-2022-23122 CVE-2022-23125 CVE-2022-23123 CVE-2022-23124	8/25/2022	TS6000 TS5020/5010 TS3020/3010	Disable AFP to workaround. Workaround details on page.
Samba information disclosure with SMB1 Samba vfs_fruit out of bounds heap Samba AD server can arbitrarily rewrite SPN	Not Affected	High	CVE-2021-44141 CVE-2021-44142 CVE-2022-0336	3/10/2023	None
Samba Active Directory elevation of privilege vulnerabilities	Not Affected	Critical	CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-45141	7/12/2023	None
Arbitrary code execution on affected installations of Netatalk	Ongoing	Critical	CVE-2022-43634	7/12/2023	TS7010 TS6000 TS5020 / TS5010 TS3020 / TS3010	Disable AFP to workaround. Workaround details on page.
Samba Active Directory Bitlocker Keys Samba Active Directory admin tool signed-only connection	Not Affected	Medium	CVE-2023-0164 CVE-2023-0922	7/12/2023	None
Samba server heap buffer overflow	Ongoing	Medium	CVE-2022-3437	10/10/2023	TS7010 TS6000 TS5020 / TS5010 TS3020 / TS3010
SSH server file creation restriction bypass vulnerability.	Ongoing	Medium	CVE-2017-15906	10/10/23	TS6000 TS5010 TS3020/3010
OpenSSH requesting transmission of an entire buffer OpenSSH heap-base overflow in roaming_common.c	Ongoing	High	CVE-2016-0777 CVE-2016-0778	10/10/23	TS6000 TS5010 TS3020/3010
Samba 32-Bit Systems Buffer Overflow	Ongoing	High	CVE-2022-42898	10/10/23	TS7010 TS6000 TS5020 / TS5010 TS3020 / TS3010
OpenSSH bypass timeout checks and XSECURITY restrictions	Ongoing	High	CVE-2015-5352	10/10/23	TS6000 TS5010 TS3020/3010
OpenSSH security bypass in the kbdint_next_device() function OpenSSH accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests OpenSSH use-after-free error in sshd when handling a MONITOR_REQ_PAM_FREE_CTX request OpenSSH setting insecure world-writable permissions for TTYs	Ongoing	Medium	CVE-2015-5600 CVE-2015-6563 CVE-2015-6564 CVE-2015-6565	10/10/23	TS6000 TS5010 TS3020/3010
OpenSSH before 8.5 has a double free in ssh-agent	Ongoing	High	CVE-2021-28041	10/10/23	TS7010
SMB Signing not required	Ongoing	Medium	N/A	01/22/2024	TS7010 TS6000 TS5020 / TS5010 TS3020 / TS3010
The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path	Not Affected	Critical	CVE-2023-38408	2/20/2024	None
Potential Man-In-The-Middle attack during Firmware updates may allow for arbitrary code execution	Ongoing	High	CVE-2023-51073		LinkStation 210/220