Samba Vulnerability (For Wireless Routers, NAS products)

Dec 13, 2017

Buffalo Inc. is aware of the multiple security vulnerabilities found in Samba. They affect NAS products and wireless routers that support Samba.

Revision History


2017/12/13 Initial Public Release

Description

The following vulnerabilities exist in Samba used in our NAS products and wireless routers.

・ CVE-2017-14746
  A malicious SMB1 request may make SMB unusable.
  Depending on the product, a restart becomes necessary.

・ CVE-2017-15275
  A malicious SMB1 request may leak information from uninitialized memory.

Products using SMB1

As the investigation progresses, Buffalo will update this public release with information about affected products.

TeraStation

| Product Series | CVE-2017-14746 | CVE-2017-15275 |
|---|---|---|
| TS5010/TS3010 Series | Affected | Affected |
| TS7000 Series | Not affected | Affected |
| TS5000 Series | Not affected | Affected |
| TS5200DS Series | Not affected | Affected |
| TS3000 Series | Not affected | Affected |
| TS1000 Series | Not affected | Affected |
| TS-X Series | Not affected | Affected |
| TS-V Series | Not affected | Affected |

LinkStation

| Product Series | CVE-2017-14746 | CVE-2017-15275 |
|---|---|---|
| LS500 Series | Affected | Affected |
| LS400 Series | Not affected | Affected |
| LS200 Series | Not affected | Affected |
| LS-X Series | Not affected | Affected |
| LS-V Series | Not affected | Affected |
| LS-WSXL Series | Not affected | Affected |

AirStation

| Product Series | CVE-2017-14746 | CVE-2017-15275 |
|---|---|---|
| WBMR-300HPD | Not affected | Affected |
| WHR-300HP2D | Not affected | Affected |
| WZR-HP-AG300H | Not affected | Affected |
| WZR-HP-G300NH2 | Not affected | Affected |
| WZR-HP-G450H | Not affected | Affected |
| WZR-450HP2D | Not affected | Affected |

Products confirmed Not Affected

| Category | Product Series |
|---|---|
| TeraStation | Series with Windows Storage Server |
| AirStation | WXR-1900DHP |
| AirStation | WZR-1166DHP |
| AirStation | WZR-D1800H |

Workarounds

We will release firmware that fixes the vulnerabilities.
Buffalo strongly recommends that you download the latest firmware as soon as possible once the fixed firmware is available.

Contact Window

For inquiries regarding this matter, please contact us.