Summary
Buffalo TeraStation is prone to an arbitrary file download and an arbitrary command-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker can exploit these issues to download arbitrary files and execute arbitrary-commands with root privilege within the context of the vulnerable system. Successful exploits will result in the complete compromise of affected system.
References
Updated on 2015-03-25