
Security Notices for Buffalo TeraStations


Buffalo actively participates in the new JC-STAR program established by the Japanese Ministry of Economy, Trade and Industry (METI). This framework is a key part of our commitment to ensuring our TeraStation products meet robust cybersecurity standards.

Buffalo TeraStations use a closed operating system that does not allow users to access the OS, install programs, or change the code, thus closing off many cyberattack vectors. 

Many of our customers run security scanning software that identifies the version information of the various network services provided by the TeraStation and reports known vulnerabilities associated with that software.

Buffalo is committed to the security of our customers' data. We will investigate and report on the security vulnerabilities that may affect our systems, and publish any remediation or the results of investigations here.

The systems covered by this reporting are:

  • TeraStation 7010 Series (JC-STAR compatible with firmware v2.00 or later)
  • TeraStation 6000 Series
  • TeraStation 5020 / 3030 Series (JC-STAR compatible with firmware v3.00 or later)
  • TeraStation 5010 / 3010 / 3020 Series

Vulnerabilities on other systems will be addressed according to their severity, and users should consult the Firmware Update notes for a history of security patches applied.

For environments where regulatory compliance requires specific responses to vulnerability scanning software, Buffalo recommends the use of the above systems.

Report Vulnerabilities

Please contact: security@buffaloamericas.com to report security issues that might affect Buffalo TeraStations.

Please note that this e-mail address is used for monitoring potential product security issues. A reply is not guaranteed; we respond only when further information is required or has been supplied. For technical support of Buffalo products, please visit our Support page instead.

| Issue Name | Status | Severity | CVE | Last Updated | Affected Supported TeraStations | Notes |
|---|---|---|---|---|---|---|
| SSL Certificate Cannot be Trusted | Resolved | Low | N/A | 03/10/2023 | None | All NAS products. This is an expected scan result until a certificate issued by a certificate authority is installed by the administrator. |
| AFP Vulnerabilities | Ongoing | Medium | CVE-2021-31439, CVE-2022-23121, CVE-2022-0194, CVE-2022-23122, CVE-2022-23125, CVE-2022-23123, CVE-2022-23124 | 12/21/2022 | TS5010/TS3020/TS3010, TS5020/3030, TS6000 | Disable AFP as a workaround. Workaround details on page. |
| Certificate Vulnerability | Resolved | Medium | CVE-2004-2761 | 12/21/2022 | None | Configuration needed. Refer to vulnerability page. |
| NETBIOS/SMB Vulnerabilities | Resolved | High | CVE-1999-0505, CVE-1999-0519, CVE-1999-0520 | 12/21/2022 | None | Configuration needed. Refer to vulnerability page. |
| SMB Signing not required | Resolved | Medium | N/A | 01/22/2024 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010 | |
| OpenSSL Vulnerabilities | Ongoing | High | CVE-2025-9232, CVE-2025-53020 | 11/20/2025 | TS5020/3030, TS7010, LS700 | |
| OpenSSL CMS Password-Based Encryption Memory Corruption | Resolved | High | CVE-2025-9230 | 12/16/2025 | TS5020/3030, TS7010, LS700 | |
| OpenSSL Malformed Parsing DoS Vulnerabilities | Resolved | Medium | CVE-2025-69419, CVE-2025-69420, CVE-2025-69421, CVE-2026-22795, CVE-2026-22796 | 05/18/2026 | TS5020/3030, LS700 | Please update firmware to the latest version. |
| Buffalo NAS username enumeration via IDOR | Resolved | Medium | CVE-2025-66954 | 04/09/2026 | All NAS products | To mitigate this risk immediately, disable the guest user account. |
| Apache HTTP Server mod_proxy_http2 DoS | Resolved | High | CVE-2025-49630 | 12/11/2025 | TS5020/3030, TS7010 | |
| OpenSSH DisableForwarding directive bypass | Ongoing | Medium | CVE-2025-32728 | 12/16/2025 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010, LS700 | |
| Samba command injection vulnerability via WINS server hook script | Not Affected | Critical | CVE-2025-10230 | 04/03/2026 | None | |
| OpenSSH incorrectly handled signal management | Resolved | Critical | CVE-2024-6387 | 10/29/2024 | TS5020/3030, TS7010 | |
| Apache HTTP Server Vulnerabilities | Ongoing | High | CVE-2024-42516, CVE-2024-43204, CVE-2024-43394, CVE-2024-47252, CVE-2025-23048, CVE-2025-49812 | 11/20/2025 | TS5020/3030, TS7010 | |
| Rsync remote code execution | Resolved | High | CVE-2024-12085 | 03/13/2025 | TS5020/3030, TS7010 | |
| PKCS#11 in ssh-agent in OpenSSH has an insufficiently trustworthy search path | Not Affected | Critical | CVE-2023-38408 | 02/20/2024 | None | |
| Default sending new or reset passwords over a signed-only connection in AD DC admin tool | Not Affected | Medium | CVE-2023-0922 | 06/23/2023 | None | |
| Attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC | Not Affected | Medium | CVE-2023-0614 | 06/23/2023 | None | |
| Arbitrary code execution on affected installations of Netatalk | Ongoing | Critical | CVE-2022-43634 | 06/28/2023 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010 | Disable AFP as a workaround. Workaround details on page. |
| Samba 32-Bit Systems Buffer Overflow | Ongoing | High | CVE-2022-42898 | 10/10/2023 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010 | |
| Samba Active Directory elevation of privilege vulnerabilities | Not Affected | Critical | CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-45141 | 07/02/2023 | None | |
| Kerberos and RPC Elevation of Privilege Vulnerabilities | Not Affected | Critical | CVE-2022-37966, CVE-2022-37967, CVE-2022-38023, CVE-2022-45141 | 06/23/2023 | None | |
| Samba server heap buffer overflow | Ongoing | Medium | CVE-2022-3437 | 10/10/2023 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010 | |
| Samba server configured as an Active Directory domain controller can arbitrarily rewrite its Service Principal Name (SPN) | Not Affected | High | CVE-2022-0336 | 03/16/2023 | None | |
| Samba vfs_fruit module out of bounds heap read and write | Not Affected | High | CVE-2021-44142 | 03/16/2023 | None | |
| Samba information disclosure with SMB1 and Unix Extensions | Not Affected | High | CVE-2021-44141 | 03/16/2023 | None | |
| OpenSSH ssh-agent double free vulnerability | Ongoing | High | CVE-2021-28041 | 10/10/2023 | TS7010 | |
| Missing handle permissions check in ChangeNotify | Ongoing | Medium | CVE-2020-14318 | 03/10/2023 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010 | |
| Crash after failed character conversion | Not Affected | Medium | CVE-2019-14907 | 03/10/2023 | None | |
| ACL Inheritance in Samba AD DC | Not Affected | Medium | CVE-2019-14902 | 03/10/2023 | None | |
| Kerberos sets the forwardable flag even if the impersonated client has the not-delegated flag set | Not Affected | Medium | CVE-2019-14870 | 06/23/2023 | None | |
| Denial of service vulnerability exists in the ldb_qsort and dns_name_compare routines | Not Affected | Medium | CVE-2019-14861 | 06/23/2023 | None | |
| Denial of Service vulnerability in Samba AD DC via ‘dirsync’ | Not Affected | Medium | CVE-2019-14847 | 06/23/2023 | None | |
| S4U2Proxy unkeyed checksum | Not Affected | Medium | CVE-2018-16860 | 03/10/2023 | None | |
| Samba remote code execution vulnerability | Resolved | Critical | CVE-2017-7494 | 10/29/2024 | TS5010/TS3020/TS3010 | |
| OpenSSH SFTP read-only mode bypass | Ongoing | Medium | CVE-2017-15906 | 10/10/2023 | TS5010/TS3020/TS3010, TS6000 | |
| OpenSSL DoS related to s3_clnt.c and s3_srvr.c | Not Affected | Medium | CVE-2016-6306 | 05/04/2023 | None | |
| Denial of Service (DoS) Vulnerability in OpenSSL t1_lib.c (OCSP) | Not Affected | High | CVE-2016-6304 | 03/13/2023 | None | |
| Integer overflow vulnerability in OpenSSL’s crypto/mdc2/mdc2dgst.c | Ongoing | High | CVE-2016-6303 | 03/13/2023 | TS5010/TS3020/TS3010, TS5020/3030 | |
| Denial of Service (DoS) Vulnerability in OpenSSL’s ssl/t1_lib.c (tls_decrypt_ticket) | Ongoing | High | CVE-2016-6302 | 03/10/2023 | TS5010/TS3020/TS3010, TS5020/3030 | |
| OpenSSH with SHA256 or SHA512 used for password hashing | Not Affected | High | CVE-2016-6210 | 03/10/2023 | None | |
| DES and Triple DES ciphers “Sweet32” | Resolved | High | CVE-2016-2183 | 04/21/2023 | TS5010/TS3020/TS3010 | Update firmware to 4.32 or later. |
| Denial of Service (DoS) Vulnerability in OpenSSL crypto/bn/bn_print.c | Ongoing | High | CVE-2016-2182 | 03/10/2023 | TS5010/TS3020/TS3010, TS5020/3030, TS6000 | |
| Denial of Service (DoS) Vulnerability in OpenSSL DTLS Anti-replay | Not Affected | High | CVE-2016-2181 | 03/10/2023 | None | |
| Denial of Service (DoS) Vulnerability in OpenSSL crypto/ts/ts_lib.c (CVE-2016-2180) | Resolved | Critical | CVE-2016-2180 | 03/10/2023 | TS5010/TS3020/TS3010 | Upgrade to firmware 4.80 or later. |
| Denial of Service (DoS) Vulnerability in OpenSSL DTLS (CVE-2016-2179) | Not Affected | High | CVE-2016-2179 | 03/10/2023 | None | |
| Vulnerability in OpenSSL DSA private key acquisition (CVE-2016-2178) | Resolved | High | CVE-2016-2178 | 03/10/2023 | TS5010/TS3020/TS3010 | Upgrade to firmware 4.80 or later. |
| Denial of Service (DoS) Vulnerability in OpenSSL | Resolved | High | CVE-2016-2177 | 03/10/2023 | TS5010/TS3020/TS3010 | Upgrade to firmware 4.80 or later. |
| OpenSSH untrusted X11 forwarding | Not Affected | High | CVE-2016-1908 | 03/10/2023 | None | |
| OpenSSH gain of privilege via unspecified vectors related to serverloop.c | Not Affected | High | CVE-2016-10010 | 06/28/2023 | None | |
| OpenSSH Multiple Vulnerabilities | Resolved | High | CVE-2016-10009, CVE-2016-10011, CVE-2016-10012, CVE-2016-10708 | 06/28/2023 | TS5010/TS3020/TS3010, TS6000 | Update firmware to 4.56 or later (TS5010/3010/3020); update firmware to 5.12 or later (TS6000). |
| OpenSSH client roaming vulnerabilities | Ongoing | High | CVE-2016-0777, CVE-2016-0778 | 10/10/2023 | TS5010/TS3020/TS3010, TS6000 | |
| OpenSSH when UseLogin feature is enabled | Not Affected | High | CVE-2015-8325 | 03/10/2023 | None | |
| OpenSSH MaxAuthTries restriction bypass | Not Affected | Medium | CVE-2015-5600, CVE-2015-6563, CVE-2015-6564, CVE-2015-6565 | 10/10/2023 | None | |
| OpenSSH bypass timeout checks and XSECURITY restrictions | Not Affected | High | CVE-2015-5352 | 10/10/2023 | None | |
| Insecure Ciphers in default SSL configuration of Apache Tomcat | Not Affected | Low | CVE-2007-1858 | 03/28/2023 | None | |
| Apache HTTP Server allows remote attackers to obtain sensitive information | Not Affected | Medium | CVE-2003-1418 | 03/28/2023 | None | |
| ICMP Timestamp and Netmask Information Disclosure | Ongoing | Medium | CVE-1999-0524 | 12/16/2025 | TS5010/TS3020/TS3010, TS5020/3030, TS6000, TS7010, LS700 | |
| CPU and use-after-free DoS vulnerabilities in Samba AD DC | Not Affected | High | CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303 | 06/23/2023 | None | |