CVE-2026-29516 PUBLISHED

Buffalo TeraStation TS5400R Excessive File Permissions Information Disclosure

Assigner: VulnCheck
Reserved: 04.03.2026 Published: 16.03.2026 Updated: 17.03.2026

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions on /etc/shadow to retrieve hashed passwords for all configured accounts including root.

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 6.9

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Network	Confidentiality	High	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	None	Availability	None
Privileges Required	High
User Interaction	None

CVSS 4.0

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CVSS Score: 4.9

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	None
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	Buffalo
Product	TeraStation NAS TS5400R
Versions	Default: unknown affected from 0 to 4.02-0.06 (incl.)

Credits

Victor A. Morales, Senior Pentester Team Leader, GM Sectec, Corp finder
Omar Crespo, Pentester, GM Sectec, Corp. finder
VulnCheck coordinator

References

Problem Types

CWE-732 Incorrect Permission Assignment for Critical Resource CWE