Description

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.

PUBLISHED Reserved 2026-03-04 | Published 2026-03-16 | Updated 2026-03-17 | Assigner VulnCheck




MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 4.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status: unknown

Any version: affected

Credits

Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp. (finder)

Omar Crespo, Pentester, GM Sectec, Corp. (finder)

VulnCheck (coordinator)

References

buffaloamericas.com/ (product)

www.vulncheck.com/...file-permissions-information-disclosure (third-party-advisory)

cve.org (CVE-2026-29516)

nvd.nist.gov (CVE-2026-29516)
