DNA View

CVE-2026-29516

Medium

Low Medium High Critical

4.9

CVSS Score

Published: Mar 16, 2026

Last Modified: Mar 17, 2026

CWE: CWE-732

Vulnerability Description

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

4.9

out of 10.0

Medium

Weakness Type (CWE)

CWE-732

Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class

View CWE Details on MITRE

Key Information

Published Date: March 16, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages