Rsync remote code execution

Dec 16, 2025

Rsync remote code execution and related vulnerability

Summary
The rsync server vulnerabilities ultimately allow remote code execution (RCE).

Vulnerability ID	Vulnerability Overview
CVE-2024-12085	A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.

Affected Supported TeraStations

TS7010
Vulnerability is patched from firmware version 1.42

TS5020 / TS3030
Vulnerability is patched from firmware version 2.20

LS700
Vulnerability is patched from firmware version 2.02

Back to Security Notices

Date	Description
03/13/2025	Initial release
05/28/2025	Update
12/16/2025	Update for LS700

Back to Security Notices

Network Attached Storage

Portable Solid State Drive (SSD)

External Hard Drives

While Supplies Last

Optical Drives

Multi-Gigabit Switches

Accessories

View All

Latest Article

Buffalo Americas Product Life Cycle Status Change Notice - BS-MP2008 & BS-MP2012 Business Switches

Rsync remote code execution

Rsync remote code execution and related vulnerability