Buffalo TeraStation NAS TS5400R Excessive File Permissions Information Disclosure Vulnerability

Vulnerability

An excessive file permissions vulnerability has been identified in Buffalo TeraStation NAS TS5400R devices running firmware versions through 4.02-0.06. This vulnerability allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file via the webserver. The world-readable permissions on the /etc/shadow file can be exploited to retrieve hashed passwords for all configured accounts, including the root account.

Impact

Exploitation of this vulnerability could lead to unauthorized access to hashed passwords for all user accounts on the device, including root, potentially allowing for further exploitation or privilege escalation.

Added: Mar 16, 2026, 9:10 PM

Updated: Mar 16, 2026, 9:10 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

3.5

remediation

0.0

relevance

4.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Buffalo TeraStation NAS TS5400R Excessive File Permissions Information Disclosure Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating