CVE-2025-66954
A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 08, 2025
- Published Date
- April 20, 2026
- Last Updated
- April 20, 2026
- Vendor
- n/a
- Product
- n/a
- Description
- A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint.
CVSS Scores
CVSS v3.1
6.5 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
SSVC Information
- Exploitation
- none
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (2026-04-17 21:00:04 UTC) Source
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2026-04-17 21:00:04 UTC |
Timeline
-
CVE ID Reserved
-
Added to KEVIntel
-
CVE Published to Public