{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-66954", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-20T16:54:28.824Z", "dateReserved": "2025-12-08T00:00:00.000Z", "datePublished": "2026-04-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-20T16:27:57.304Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/DBmonster19/CVE-2025-66954"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-639", "lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:51:02.176101Z", "id": "CVE-2025-66954", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:54:28.824Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-66954", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:51:02.176101Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:53:35.469Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/DBmonster19/CVE-2025-66954"}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-20T16:27:57.304Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66954", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:54:28.824Z", "dateReserved": "2025-12-08T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid usernames and their associated privilege roles. The issue is triggered by modifying a parameter within requests sent to the /nasapi endpoint."}], "id": "CVE-2025-66954", "lastModified": "2026-04-20T19:05:30.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-20T17:16:29.837", "references": [{"source": "cve@mitre.org", "url": "https://github.com/DBmonster19/CVE-2025-66954"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.85-0.01"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "link_station", "vendor": "buffalo"}], "analysis": {"en": {"generated_at": "2026-04-21T15:47:56.601489+00:00", "value": {"mitigation_remediation": ["Confirm whether Buffalo has released a firmware update or advisory that addresses the /nasapi enumeration flaw; apply the update if available.", "Restrict access to the /nasapi endpoint using firewall rules or ACLs so that only trusted internal hosts can reach it.", "Disable or remove guest accounts on the device or reduce their privileges if they are not required.", "Actively monitor device logs for repeated attempts to enumerate usernames or roles and investigate any suspicious activity."], "summary": {"action": "Monitor", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Only the Buffalo Link Station device running firmware version\u202f1.85\u20110.01 is listed as affected. No other vendors or product versions are mentioned. The impact is limited to this specific firmware release.", "description_and_impact": "A vulnerability exists in the Buffalo Link Station firmware 1.85\u20110.01 that permits unauthenticated or guest\u2011level users to retrieve a list of valid usernames and their associated privilege roles by altering a parameter in requests to the /nasapi endpoint. This allows an attacker to learn account identifiers and role assignments\u2014a disclosure that could support social engineering, credential guessing, or planning of targeted attacks. The weakness falls under CWE\u2011639 (Privilege\u2011Based Access Control Failure).", "risk_and_exploitability": "The vulnerability can be triggered without authentication; any network participant who can reach the device can provoke the enumeration. The CVSS score of 6.5 indicates moderate risk. The exploitation does not require special privileges and the EPSS score is unavailable, so a precise exploitation likelihood cannot be stated. While the vulnerability is not listed in the CISA KEV catalog, the disclosure of user identities and roles could be valuable for attackers, particularly if the device hosts sensitive data or services."}}}}, "created": "2026-04-20T17:30:12.653492+00:00", "title": "Unauthenticated Username Enumeration via /nasapi Endpoint in Buffalo Link Station Firmware 1.85-0.01", "updated": "2026-04-27T20:21:19.901592+00:00", "vendors": ["buffalo", "buffalo$PRODUCT$link_station"]}