Buffalo TeraStation is prone to an arbitrary file download and an arbitrary command-injection vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to download arbitrary files and execute arbitrary-commands with root privilege within the context of the vulnerable system. Successful exploits will result in the complete compromise of affected system.

• http://www.securityfocus.com/bid/57634

---

Updated on 2015-03-25